gsd-2023-43512
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services buffer.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2023-43512", "id": "GSD-2023-43512" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2023-43512" ], "details": "Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services buffer.", "id": "GSD-2023-43512", "modified": "2023-12-13T01:20:44.290885Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "product-security@qualcomm.com", "ID": "CVE-2023-43512", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Snapdragon", "version": { "version_data": [ { "version_affected": "=", "version_value": "QCN7606" } ] } } ] }, "vendor_name": "Qualcomm, Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services buffer." } ] }, "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-126", "lang": "eng", "value": "CWE-126 Buffer Over-read" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin", "refsource": "MISC", "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin" } ] } }, "nvd.nist.gov": { "cve": { "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:qualcomm:qcn7606_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F466A5BD-1912-4811-9A93-81555F101D46", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:qualcomm:qcn7606:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F92914E-16F6-4A25-9FEF-FB7CB3377132", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "descriptions": [ { "lang": "en", "value": "Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services buffer." }, { "lang": "es", "value": "DOS transitorio mientras analiza los datos del servicio GATT cuando la cantidad total de memoria requerida por los m\u00faltiples servicios es mayor que el tama\u00f1o real del b\u00fafer de servicios." } ], "id": "CVE-2023-43512", "lastModified": "2024-04-12T16:15:31.800", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "product-security@qualcomm.com", "type": "Primary" } ] }, "published": "2024-01-02T06:15:13.390", "references": [ { "source": "product-security@qualcomm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin" } ], "sourceIdentifier": "product-security@qualcomm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-126" } ], "source": "product-security@qualcomm.com", "type": "Secondary" } ] } } } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.