CVE-2023-4234

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Apr 17, 2024
Updated: Apr 18, 2024
CWE ID 119

Summary

The vulnerability with the CVE ID name CVE-2023-4234 affects ofono, an Open Source Telephony on Linux. It is a stack overflow bug triggered within the decode_submit_report() function during SMS decoding. The attack scenario assumes accessibility from a compromised modem, a malicious base station, or just SMS. Although there is a bound check for memcpy length in decode_submit(), it was forgotten in decode_submit_report(). The vulnerability has a base severity of HIGH with an exploitability score of 2.2 and poses a potential danger to organizations as it has high impacts on integrity and confidentiality. Remediation steps are not provided in the information provided.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-4234 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options