Home > Vulnerability Database > CVE-2023-4424

Mend.io Vulnerability Database

CVE-2023-4424

Good to know:

Date: November 21, 2023

An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device.

Language: C

Severity Score

8.3

Related Resources (3)

Url: https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j4qm-xgpf-qjw3

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-4424

Url: https://www.mend.io/vulnerability-database/CVE-2023-4424

Severity Score

8.3

Weakness Type (CWE)

Integer Overflow or Wraparound

CWE-190

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-120

Top Fix

Upgrade Version

Upgrade to version v3.5.0

Learn More

CVSS v3.1

Base Score:	8.3
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-4424

Good to know:

Date: November 21, 2023

Language: C

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?