Vulnerability Details: CVE-2023-0847
Versions of the Sub-IoT implementation of the DASH 7 Alliance protocol prior to implementation version 0.5.0 have a vulnerability that can lead to an out-of-bounds write. If the protocol has been compiled using default settings, this will only grant the attacker access to allocated but unused memory. However, if it was configured using non-default settings, exploiting this vulnerability could lead to system crashes and remote code execution.
Vulnerability category: Memory Corruption, Execute code
Products affected by CVE-2023-0847
- cpe:2.3:a:dash7-alliance:dash7_alliance_protcol:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-0847
80.10%: Probability of exploitation activity in the next 30 days
~99%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-0847
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 | ICS-CERT | |
8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 | NIST | |
CWE ids for CVE-2023-0847
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: ics-cert@hq.dhs.gov (Primary)
References for CVE-2023-0847
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-047-13
  Sub-IoT DASH 7 Alliance Protocol stack implementation | CISA (Third Party Advisory; US Government Resource)
- https://github.com/Sub-IoT/Sub-IoT-Stack/security/advisories/GHSA-ggxh-88wc-c4fg
  Possible remote memory corruption over the DASH7 modem · Advisory · Sub-IoT/Sub-IoT-Stack · GitHub (Vendor Advisory)