VDB
CVE-2023-4232
CVE-2023-4232
PUBLISHED
CVSS 8.100000381469727 HIGH
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_status_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_status_report().
EPSS 0.13% · 31.7th percentile
Risk Scores
CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.13%
31.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedora | Fedora | |
| n/a | ofono | 2.1 |
| fedoraproject | fedora | 39, 40 |
| ofono_project | ofono | 0 |
Exploit Intelligence
Timeline
- Dec 20, 2023 CVE Published
- Apr 18, 2024 EPSS Score
- May 13, 2024 EPSS Score
- Jun 8, 2024 EPSS Score
- Jul 2, 2024 EPSS Score
- Jul 27, 2024 EPSS Score
- Aug 21, 2024 EPSS Score
- Sep 15, 2024 EPSS Score
- Oct 10, 2024 EPSS Score
- Nov 28, 2024 EPSS Score
- Dec 24, 2024 EPSS Score
- Jan 18, 2025 EPSS Score
References
- RHBZ#2255394 issue
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLAWJAAS3HDI2KMCZXF4DMR3Y4BQNMKO/ url
- https://nvd.nist.gov/vuln/detail/CVE-2023-4232 advisory
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLAWJAAS3HDI2KMCZXF4DMR3Y4BQNMKO url