Lucene search

IcscertCVELIST:CVE-2023-0847

HistoryFeb 28, 2023 - 11:16 p.m.

CVE-2023-0847

2023-02-2823:16:22

CWE-787

icscert

www.cve.org

cve-2023-0847

out-of-bounds write

remote code execution

dash 7 protocol

system crashes

vulnerability

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.004 Low

EPSS

Percentile

74.3%

JSON

The Sub-IoT implementation of the DASH 7 Alliance protocol has a vulnerability that can lead to an out-of-bounds write prior to implementation version 0.5.0. If the protocol has been compiled using default settings, this will only grant the attacker access to allocated but unused memory. However, if it was configured using non-default settings, there is the possibility that exploiting this vulnerability could lead to system crashes and remote code execution.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "DASH 7 Alliance Protocol stack implementation",
    "repo": "https://github.com/Sub-IoT/Sub-IoT-Stack",
    "vendor": "Sub-IoT",
    "versions": [
      {
        "lessThan": "0.5.0",
        "status": "affected",
        "version": "0",
        "versionType": "git"
      }
    ]
  }
]

References

github.com/Sub-IoT/Sub-IoT-Stack/security/advisories/GHSA-ggxh-88wc-c4fg

www.cisa.gov/news-events/ics-advisories/icsa-23-047-13

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.004 Low

EPSS

Percentile

74.3%

JSON

Related for CVELIST:CVE-2023-0847