Connect-iq@1.0.0 Security Vulnerabilities and Issues — Connect-iq@1.0.0 CVE List

Lucene search

GarminConnect-iq1.0.0

3 matches found

CVE•added 2023/05/23 8:15 p.m.•42 views

CVE-2023-23299

The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data s...

7.5CVSS7.3AI score0.00116EPSS

CVE•added 2023/05/23 8:15 p.m.•39 views

CVE-2023-23301

The news MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose length extends past its end. Upon lo...

9.8CVSS9.2AI score0.00289EPSS

CVE•added 2023/05/23 8:15 p.m.•34 views

CVE-2023-23305

The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware.

9.8CVSS9.3AI score0.00356EPSS