FKIE_CVE-2023-3024

Vulnerability from fkie_nvd - Published: 2023-09-29 17:15 - Updated: 2024-11-21 08:16
Severity ?
5.9 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access.
References
product-security@silabs.comhttps://github.com/SiliconLabs/gecko_sdkProduct
product-security@silabs.comhttps://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ViQvHQAV/?operationContext=S1Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/SiliconLabs/gecko_sdkProduct
af854a3a-2127-422b-91ae-364da2661108https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ViQvHQAV/?operationContext=S1Permissions Required, Vendor Advisory
Impacted products
Vendor Product Version
silabs gecko_software_development_kit *
qualcomm aqt1000 -
qualcomm csrb31024 -
qualcomm wcd9370 -
qualcomm wcd9375 -
qualcomm wcd9380 -
qualcomm wcd9385 -
qualcomm wsa8830 -
qualcomm wsa8835 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:silabs:gecko_software_development_kit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3DE410C-55EC-4831-B7F1-66B341B1D760",
              "versionEndExcluding": "6.0.0",
              "versionStartIncluding": "1.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:qualcomm:aqt1000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "715A9F94-5F9E-45E5-B07B-699410C01478",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:qualcomm:csrb31024:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "770F3924-BE27-4BDE-B922-680B3C9753EB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B98784DC-3143-4D38-AD28-DBBDCCAB4272",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:qualcomm:wcd9375:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D56DFE3-5EF1-4B23-BBD5-0203FBF9CCEC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA94C6D6-85DB-4031-AAF4-C399019AE16D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1FA2EB9-416F-4D69-8786-386CC73978AE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF680174-5FA6-47D9-8EAB-CC2A37A7BD42",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B36F4B2-BAA3-45AD-9967-0EB482C99708",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Forcing the Bluetooth LE stack to segment \u0027prepare write response\u0027 packets can lead to an out-of-bounds memory access."
    },
    {
      "lang": "es",
      "value": "Obligar a la pila Bluetooth LE a segmentar paquetes de \"prepare write response\" puede provocar un acceso a la memoria fuera de los l\u00edmites."
    }
  ],
  "id": "CVE-2023-3024",
  "lastModified": "2024-11-21T08:16:16.040",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 4.2,
        "source": "product-security@silabs.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-09-29T17:15:47.043",
  "references": [
    {
      "source": "product-security@silabs.com",
      "tags": [
        "Product"
      ],
      "url": "https://github.com/SiliconLabs/gecko_sdk"
    },
    {
      "source": "product-security@silabs.com",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ViQvHQAV/?operationContext=S1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://github.com/SiliconLabs/gecko_sdk"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ViQvHQAV/?operationContext=S1"
    }
  ],
  "sourceIdentifier": "product-security@silabs.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "product-security@silabs.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.