CVE-2023-0847
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
The Sub-IoT implementation of the DASH 7 Alliance protocol has a vulnerability that can lead to an out-of-bounds write prior to implementation version 0.5.0. If the protocol has been compiled using default settings, this will only grant the attacker access to allocated but unused memory. However, if it was configured using non-default settings, there is the possibility that exploiting this vulnerability could lead to system crashes and remote code execution.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Sub-IoT | DASH 7 Alliance Protocol stack implementation | 0 < 0.5.0 | affected |
Weaknesses
- CWE-787: CWE-787 Out-of-bounds Write
ADP Enrichment
CVE Program Container
Additional References
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-047-13
- https://github.com/Sub-IoT/Sub-IoT-Stack/security/advisories/GHSA-ggxh-88wc-c4fg
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-047-13
- https://github.com/Sub-IoT/Sub-IoT-Stack/security/advisories/GHSA-ggxh-88wc-c4fg
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.