mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
21 lines
998 B
JSON
21 lines
998 B
JSON
{
|
|
"id": "CVE-2024-23963",
|
|
"sourceIdentifier": "ics-cert@hq.dhs.gov",
|
|
"published": "2025-01-31T00:15:09.483",
|
|
"lastModified": "2025-01-31T00:15:09.483",
|
|
"vulnStatus": "Received",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the PBAP_DecodeVCARD function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root."
|
|
}
|
|
],
|
|
"metrics": {},
|
|
"references": [
|
|
{
|
|
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-850/",
|
|
"source": "ics-cert@hq.dhs.gov"
|
|
}
|
|
]
|
|
} |