Lucene search

[email protected]NVD:CVE-2023-20702

HistoryNov 06, 2023 - 4:15 a.m.

CVE-2023-20702

2023-11-0604:15:07

[email protected]

web.nvd.nist.gov

nrlc

memory access

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

34.6%

JSON

In 5G NRLC, there is a possible invalid memory access due to lack of error handling. This could lead to remote denial of service, if UE received invalid 1-byte rlc sdu, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00921261; Issue ID: MOLY01128895.

Affected configurations

NVD

Node

mediatekmt6835Match-

mediatekmt6873Match-

mediatekmt6875Match-

mediatekmt6879Match-

mediatekmt6883Match-

mediatekmt6885Match-

mediatekmt6886Match-

mediatekmt6889Match-

mediatekmt6895Match-

mediatekmt6980Match-

mediatekmt6983Match-

mediatekmt6985Match-

mediatekmt6990Match-

mediatekmt8673Match-

mediatekmt8675Match-

mediatekmt8791Match-

mediatekmt8791tMatch-

mediatekmt8797Match-

mediatekmt8798Match-

AND

mediateknr15Match-

mediateknr16Match-

mediateknr17Match-

References

corp.mediatek.com/product-security-bulletin/November-2023

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

34.6%

JSON

Related for NVD:CVE-2023-20702

cve1 prion1 cvelist1