6 matches found
CVE-2023-23305
The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware...
CVE-2023-23305
The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware...
Information disclosure
The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the Toybox.SensorHistory module without permission. A malicious application could call any functions from the Toybox.SensorHistory module without the user's consent a...
Buffer overflow
The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware...
CVE-2023-23305
The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware...
CVE-2023-23301
The CVE-2023-23301 issue affects CIQ API versions 1.0.0 through 4.1.7, where the news MonkeyC operation code fails to ensure string resources don’t extend past section boundaries. This can allow a malicious CIQ application to craft a string starting near a section end whose length overflows past ...