Lucene search

[email protected]CVE-2023-32830

HistoryOct 02, 2023 - 3:15 a.m.

CVE-2023-32830

2023-10-0203:15:10

CWE-787

[email protected]

web.nvd.nist.gov

cve-2023-32830

tvapi

out of bounds write

local privilege escalation

system execution privileges

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03802522; Issue ID: DTV03802522.

Affected configurations

Vulners

NVD

Node

googleandroidRange<10.0

googleandroidRange<11.0

mediatekmt5527

mediatekmt5583

mediatekmt5598

mediatekmt5599

mediatekmt5670

mediatekmt5680

mediatekmt5691

mediatekmt5695

mediatekmt5806

mediatekmt5813

mediatekmt5815

mediatekmt5816

mediatekmt5833

mediatekmt5835

mediatekmt5895

mediatekmt9010

mediatekmt9011

mediatekmt9012

mediatekmt9016

mediatekmt9020

mediatekmt9021

mediatekmt9022

mediatekmt9215

mediatekmt9216

mediatekmt9221

mediatekmt9222

mediatekmt9255

mediatekmt9256

mediatekmt9266

mediatekmt9269

mediatekmt9285

mediatekmt9286

mediatekmt9600

mediatekmt9602

mediatekmt9610

mediatekmt9612

mediatekmt9613

mediatekmt9615

mediatekmt9617

mediatekmt9629

mediatekmt9630

mediatekmt9631

mediatekmt9632

mediatekmt9633

mediatekmt9636

mediatekmt9638

mediatekmt9639

mediatekmt9649

mediatekmt9650

mediatekmt9652

mediatekmt9653

mediatekmt9660

mediatekmt9666

mediatekmt9667

mediatekmt9669

mediatekmt9670

mediatekmt9671

mediatekmt9675

mediatekmt9679

mediatekmt9685

mediatekmt9686

mediatekmt9688

mediatekmt9900

mediatekmt9901

mediatekmt9931

mediatekmt9950

mediatekmt9969

mediatekmt9970

mediatekmt9980

mediatekmt9981

VendorProductVersionCPE
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
mediatekmt5527*cpe:2.3:h:mediatek:mt5527:*:*:*:*:*:*:*:*
mediatekmt5583*cpe:2.3:h:mediatek:mt5583:*:*:*:*:*:*:*:*
mediatekmt5598*cpe:2.3:h:mediatek:mt5598:*:*:*:*:*:*:*:*
mediatekmt5599*cpe:2.3:h:mediatek:mt5599:*:*:*:*:*:*:*:*
mediatekmt5670*cpe:2.3:h:mediatek:mt5670:*:*:*:*:*:*:*:*
mediatekmt5680*cpe:2.3:h:mediatek:mt5680:*:*:*:*:*:*:*:*
mediatekmt5691*cpe:2.3:h:mediatek:mt5691:*:*:*:*:*:*:*:*
mediatekmt5695*cpe:2.3:h:mediatek:mt5695:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	*	cpe:2.3:o:google:android::::::::
google	android	*	cpe:2.3:o:google:android::::::::
mediatek	mt5527	*	cpe:2.3:h:mediatek:mt5527::::::::
mediatek	mt5583	*	cpe:2.3:h:mediatek:mt5583::::::::
mediatek	mt5598	*	cpe:2.3:h:mediatek:mt5598::::::::
mediatek	mt5599	*	cpe:2.3:h:mediatek:mt5599::::::::
mediatek	mt5670	*	cpe:2.3:h:mediatek:mt5670::::::::
mediatek	mt5680	*	cpe:2.3:h:mediatek:mt5680::::::::
mediatek	mt5691	*	cpe:2.3:h:mediatek:mt5691::::::::
mediatek	mt5695	*	cpe:2.3:h:mediatek:mt5695::::::::

Rows per page:

1-10 of 721

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT5527, MT5583, MT5598, MT5599, MT5670, MT5680, MT5691, MT5695, MT5806, MT5813, MT5815, MT5816, MT5833, MT5835, MT5895, MT9010, MT9011, MT9012, MT9016, MT9020, MT9021, MT9022, MT9215, MT9216, MT9221, MT9222, MT9255, MT9256, MT9266, MT9269, MT9285, MT9286, MT9600, MT9602, MT9610, MT9612, MT9613, MT9615, MT9617, MT9629, MT9630, MT9631, MT9632, MT9633, MT9636, MT9638, MT9639, MT9649, MT9650, MT9652, MT9653, MT9660, MT9666, MT9667, MT9669, MT9670, MT9671, MT9675, MT9679, MT9685, MT9686, MT9688, MT9900, MT9901, MT9931, MT9950, MT9969, MT9970, MT9980, MT9981",
    "versions": [
      {
        "version": "Android 10.0, 11.0",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/October-2023

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-32830

prion1 cvelist1 nvd1