1 results (0.025 seconds)
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 1
NotCVE-2023-0003 – RSA signature verification bypass via Arbitrary Code Execution in Sansa Connect bootloader
https://notcve.org/view.php?id=NotCVE-2023-0003
Sansa Connect bootloader does not validate RSA signature multiprecision integer (MPI) length. Attacker can supply image that combined with specific MPI length leads to Arbitrary Code Execution via overwritten return address on stack. • https://github.com/desowin/zsitool/blob/master/exploit.md • CWE-121: Stack-based Buffer Overflow •