Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-23301

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-23 May, 2023 | 00:00
Updated At-21 Jan, 2025 | 14:50
Rejected At-
Credits

The `news` MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose length extends past its end. Upon loading the string, the GarminOS TVM component may read out-of-bounds memory.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:23 May, 2023 | 00:00
Updated At:21 Jan, 2025 | 14:50
Rejected At:
â–¼CVE Numbering Authority (CNA)

The `news` MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose length extends past its end. Upon loading the string, the GarminOS TVM component may read out-of-bounds memory.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/anvilsecure/garmin-ciq-app-research/blob/main/advisories/CVE-2023-23301.md
N/A
Hyperlink: https://github.com/anvilsecure/garmin-ciq-app-research/blob/main/advisories/CVE-2023-23301.md
Resource: N/A
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/anvilsecure/garmin-ciq-app-research/blob/main/advisories/CVE-2023-23301.md
x_transferred
Hyperlink: https://github.com/anvilsecure/garmin-ciq-app-research/blob/main/advisories/CVE-2023-23301.md
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:23 May, 2023 | 20:15
Updated At:30 May, 2023 | 17:38

The `news` MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose length extends past its end. Upon loading the string, the GarminOS TVM component may read out-of-bounds memory.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
garmin
garmin
>>connect-iq>>Versions from 1.0.0(inclusive) to 4.1.7(inclusive)
cpe:2.3:a:garmin:connect-iq:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarynvd@nist.gov
CWE ID: CWE-125
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/anvilsecure/garmin-ciq-app-research/blob/main/advisories/CVE-2023-23301.mdcve@mitre.org
Exploit
Hyperlink: https://github.com/anvilsecure/garmin-ciq-app-research/blob/main/advisories/CVE-2023-23301.md
Source: cve@mitre.org
Resource:
Exploit

Change History

0
Information is not available yet

Similar CVEs

258Records found
CVE-2020-25021
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.63% / 70.10%
||
7 Day CHG~0.00%
Published-04 Sep, 2020 | 03:34
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Noise-Java through 2020-08-27. ChaChaPolyCipherState.encryptWithAd() allows out-of-bounds access.

Action-Not Available
Vendor-noise-java_projectn/a
Product-noise-javan/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-15208
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.4||HIGH
EPSS-0.33% / 55.66%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 18:45
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Data corruption in tensorflow-lite

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in both tensors. The issue is patched in commit 8ee24e7949a203d234489f9da2c5bf45a7d5157d, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

Action-Not Available
Vendor-Google LLCopenSUSETensorFlow
Product-tensorflowleaptensorflow
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-15889
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.51% / 66.09%
||
7 Day CHG~0.00%
Published-21 Jul, 2020 | 21:35
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.

Action-Not Available
Vendor-luan/a
Product-luan/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-13601
Matching Score-4
Assigner-Zephyr Project
ShareView Details
Matching Score-4
Assigner-Zephyr Project
CVSS Score-9||CRITICAL
EPSS-0.43% / 62.54%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 21:40
Updated-17 Sep, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Possible read out of bounds in dns read

Possible read out of bounds in dns read. Zephyr versions >= 1.14.2, >= 2.3.0 contain Out-of-bounds Read (CWE-125). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44

Action-Not Available
Vendor-Zephyr Project
Product-zephyrzephyr
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-11136
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.66%
||
7 Day CHG~0.00%
Published-21 Jan, 2021 | 09:41
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Over-read in audio driver while using malloc management function due to not returning NULL for zero sized memory requirement in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfe3100qfs2580qfe2550msm8960qcs610pmi8996qdm5579qfe1045qdm2307qfs2530qpa8802qln1030pm6125qat3519mdm9645pm8917pm8150asc8180x\+sdx55qtc800hqdm5670qcs2290sa6155qca6335msm8917pm7150lqpa8821mdm8215qln1020apq8076wtr3905qdm5671pmc1000hqfe2330msm8630qat3518sd632msm8108sa415mwcn3998wcn3950sm4125sd720gwtr1605wtr2605mdm9628qpa5460wcn3660bwtr2655qfe4320qcc112qca4020mdm8215mqdm5652mdm9630qpm8870qpm5679qbt2000msm8909wpm855pqca6420wcd9360pm6150awtr1625lmsm8627sdr735gwcn3999pm8150bqsm7250pm8996qcs6125pm8922qfe2101mdm9615mqca6430qcc1110qat3522qfe4455fcpmr735awtr1625qcs405smb1360wcd9340wfr2600sd765gqfe3440fcwcd9320sdr660qca6436wcn6851sa6155pqpa6560qfe3345apq8052msm8937sdr865smb1358wcd9341pmi8952smr545mdm9655qca6431qln5020wcd9371smb1350sd750gqdm3302sd_8cxwtr3950sa8150pqpm5657pm6350qdm5621qfe3340qtc800smsm8226sd660qdm5650sd712wcn3988wtr3925qfe2080fcsdr052smb1390pm6150lsd450qet4100wcn3610msm8608mdm9640qpm6585qtc410swcn3991smb1355qln4650qpa8801sdm429wwcd9330wgr7640qat5568qet5100qca6564aumsm8230pm6150qca6574pm7250bqfs2630qpa8842pmm8996auwcd9380qualcomm215mdm9230qln4640qcs410smb1381sdr735pm7250wtr4905smb1395pm660lqpa8803ar8151smr526wtr5975qca6174pmk8003wcn3980pmd9645qdm2301qsw8573qcs605wsa8815wcn6850qbt1000wcn3910qca6320smb1394wcn3680qca9984pm8921sd835qfe4309qca1990pm8009qpa8675sd730sdx55mpm670aqfe4373fcpm8008msm8953qsw8574pmi8998mdm9225qfe2520apq8064pme605mdm9225mpm855lqcs603rsw8577pmd9635qfe4302qpm5621qpm6582sd670apq8009wqfe4303pm670pm8150lwtr1605lqdm5677pm8005qsm8250sa6145ppm215qdm2302msm8626pmm6155ausdxr1ar8031apq8096auwtr2965wfr1620pm8150qpm5875sdx55qet5100mapq8053sa8155pcsra6640pm8350bhssd675wtr4605sd439qet4101pm8952pmi8994qat3516pm670lwcd9310pm8226wcn3660qpm5658qca9379pm855bsmb2351qln1031qcm2290qpm5870pm8909qfe1040wsa8830qfe4465fcpm660rtr8600sdr051msm8960sgqln5030msm8930wcn2243pm4125qbt1500qpa5581pmi632pm456csrb31024mdm9650sd_636csra6620qpa5373qpm4621pmk8001qcs4290qet6100pmm855ausdr660gqfe2340qpa8686pm8110sd690_5gsmb1396pm7150awcd9370pm8350qca6564sdr425qca6426qpm5641whs9410qat5516wtr2955qdm5620qln1021aqsd662smb1380qfe4308pm8350bhmdm8635mapq8037pm3003asa8155qca6584qat5533wcn3615qca6595aumsm8227wtr2100sm7350qtc800tpm8940qpm6670smb1354wcd9306qca6584auqdm2305qca6310msm8208qpm8820qpm4641pm8937qpm2630qfe2081fcpm855sd429sdxr2_5gpm8250msm8962mpq8064smb1398apq8084sdm630sd821apq8062qdm4643msm8976sgpmx55sd205sdr675qca6421sm6250qdm3301sa8195ppm8953qat5515qca6694qpm5677smb231qfe1100qat3514wcd9326wcd9335wcn3660aqet4200aqwcd9385mdm8615mpm439qpm5620pmm8155aumdm9625qpm4630qca6390wcd9375ar8035aqt1000msm8956msm8976apq8064aupmm8195auqpa8673qdm2310qln4642qca6694auapq8056msm8952ar9374sda429wsd210sd820mdm9625mpmi8937pm8998pmk7350sdw3100wcn3620apq8017ar6003mdm9235mqca6564asmr546pmx24qet6110qfe1055qln5040qpm8895sdr845qpm5670wcn3990sd_675apq8030sd865_5gpm8019qca6595pmk8350rtr8601qpm8830pm8350bqat5522wsa8835msm8996auapq8060apm8150cpmr735bpmi8940sd888_5gsm6250prgr7640auqpa4360qln1035bdpm855aqpa4361qca6574amdm9206qca6174apm8350csmr525qpm4640wcn6750mdm9635mpmr525mdm9615pm7350cqpm4650qtm525wtr6955qfe3335pm8821sd855sd665qfe4305qca6175asd765pm640ppmd9607msm8209qat3555apq8009sd460qca6391smb1351qpa5461mdm9310qfe2082fcmsm8920qsc1215msm8610pm660aqpa4340qcm4290sdx50mpm640asdr8150qfs2608pm8916qln1036aqqtc801sqdm4650mdm9215sd_455pmd9655qca6574auqfe3320sd710mdm9607qsw6310qcm6125qpm6621wsa8810qdm2308pmw3100pmx50pm8018qat3550wcn6856qdm5679sd_8cwcn3680bsdr8250sd768gwcn6740qca6696qfe4301pm8004pm640lmsm8940pmk8002qpa2625sa6150psd845sm7250psdm830smb1357mdm9330pm8956sd850pm6250qpa5580Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-13013
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.12% / 78.02%
||
7 Day CHG~0.00%
Published-14 Sep, 2017 | 06:00
Updated-04 Dec, 2025 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions.

Action-Not Available
Vendor-n/atcpdump & libpcap
Product-tcpdumpn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-12895
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.12% / 78.02%
||
7 Day CHG~0.00%
Published-14 Sep, 2017 | 06:00
Updated-04 Dec, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print().

Action-Not Available
Vendor-n/atcpdump & libpcap
Product-tcpdumpn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-12987
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.06% / 83.69%
||
7 Day CHG~0.00%
Published-14 Sep, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().

Action-Not Available
Vendor-n/aDebian GNU/Linuxtcpdump & libpcapRed Hat, Inc.
Product-enterprise_linux_desktopdebian_linuxenterprise_linux_serverenterprise_linux_server_austcpdumpn/a
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found