CVE-2023-5058
PUBLISHED
BRLY-LOGOFAIL-2023-026 · Low · CVE-2023-5058
The BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability. Lack of synchronization between ImageSize in the BMP Image Header and ImageIndex allows an OOB read in Phoenix firmware.
Risk Scores
EPSS Score: 0.04% (13.8th percentile)
Exploit Intelligence
- CIRCL seen: CVE-2023-5058 (circl-sighting)
- CIRCL exploited: CVE-2023-5058 (circl-sighting)
- https://www.phoenix.com/security-notifications/ (circl)
- https://www.phoenix.com/security-notifications/cve-2023-5058/ (circl)
- https://phoenixtech.com/phoenix-security-notifications/cve-2023-5058/ (circl)
- https://www.kb.cert.org/vuls/id/811862 (circl)
- [BRLY-2023-006] Multiple vulnerabilities in image parsing functions can be exploited by an attacker with local access. (binarly)
Timeline
- Dec 6, 2023 CVE Published
- Dec 8, 2023 EPSS Score
- Dec 11, 2023 PoC Published
- Dec 31, 2023 PoC Published
- Jan 6, 2024 EPSS Score
- Feb 5, 2024 EPSS Score
- Mar 5, 2024 EPSS Score
- Apr 4, 2024 EPSS Score
- May 3, 2024 EPSS Score
- Jun 1, 2024 EPSS Score
- Jul 1, 2024 EPSS Score
- Jul 30, 2024 EPSS Score
References
- [BRLY-2023-006] Multiple vulnerabilities in image parsing functions can be exploited by an attacker with local access. advisory
- [BRLY-LOGOFAIL-2023-026] Memory contents leak / information disclosure vulnerability in DXE driver advisory
- [BRLY-DVA-2023-028] SMM memory corruption vulnerability in SMM module on Fujitsu device (SMRAM write) advisory
- [BRLY-DVA-2023-027] SMM arbitrary code execution vulnerability in SMM module on Fujitsu device advisory
- [BRLY-DVA-2023-026] SMM memory corruption vulnerability in combined DXE/SMM driver on Fujitsu device (SMRAM write) advisory
- [BRLY-DVA-2023-025] SMM memory corruption vulnerability in combined DXE/SMM driver on Fujitsu device (SMRAM write) advisory
- [BRLY-LOGOFAIL-2023-027] Memory Corruption vulnerability in DXE driver advisory
- [BRLY-LOGOFAIL-2023-028] Memory Corruption vulnerability in DXE driver advisory
- [BRLY-LOGOFAIL-2023-029] Memory contents leak / information disclosure vulnerability in DXE driver advisory
- [BRLY-LOGOFAIL-2023-030] Memory Corruption vulnerability in DXE driver. advisory
- [BRLY-LOGOFAIL-2023-025] Memory contents leak / information disclosure vulnerability in DXE driver advisory
- Memory Corruption vulnerability in DXE driver. advisory
- Memory contents leak / information disclosure vulnerability in DXE driver. advisory