CVE-2023-23441 : Some Honor products are affected by out of bounds read vulnerability, successful

Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak.

Published 2023-12-29 04:15:09

Updated 2024-01-04 23:48:30

Source

View at NVD, CVE.org

Products affected by CVE-2023-23441

Hihonor » Magic Ui
Versions up to, including, (<=) 6.1.0.500
cpe:2.3:a:hihonor:magic_ui:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 6 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.0	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N	1.5	4.0	Honor Device Co., Ltd.
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Changed Confidentiality: High Integrity: None Availability: None
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	1.8	3.6	NIST	2024-01-04
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

https://www.hihonor.com/global/security/cve-2023-23441/

Out-Of-Bounds Read Vulnerability in Some Honor Products | HONOR Global
Vendor Advisory

Jump to