VDB
CVE-2023-4235
CVE-2023-4235
PUBLISHED
CVSS 8.100000381469727 HIGH
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_deliver_report().
EPSS 0.14% · 33.7th percentile
Risk Scores
CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.14%
33.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ofono_project | ofono | 0 |
| n/a | ofono | 2.1 |
| fedoraproject | fedora | 40 |
| Fedora | Fedora |
Exploit Intelligence
Timeline
- Apr 17, 2024 CVE Published
- Apr 18, 2024 EPSS Score
- May 13, 2024 EPSS Score
- Jun 8, 2024 EPSS Score
- Jul 2, 2024 EPSS Score
- Jul 27, 2024 EPSS Score
- Aug 21, 2024 EPSS Score
- Sep 15, 2024 EPSS Score
- Oct 10, 2024 EPSS Score
- Nov 28, 2024 EPSS Score
- Dec 24, 2024 EPSS Score
- Jan 18, 2025 EPSS Score
References
- RHBZ#2255402 issue
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLAWJAAS3HDI2KMCZXF4DMR3Y4BQNMKO/ url
- https://nvd.nist.gov/vuln/detail/CVE-2023-4235 advisory
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLAWJAAS3HDI2KMCZXF4DMR3Y4BQNMKO url