
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Prior to version 2023.04, an attacker can send a crafted frame to the device resulting in an integer underflow and out of bounds access in the packet buffer. • https://github.com/RIOT-OS/RIOT/commit/34dc1757f5621be48e226cfebb2f4c63505b5360 https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-xjgw-7638-29g5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-191: Integer Underflow (Wrap or Wraparound); CWE-787: Out-of-bounds Write

CVSS: 5.5 | EPSS: 0% | CPEs: 6 | EXPL: 1

A vulnerability was found in ImageMagick. This security flaw occurs as undefined behavior when casting double to size_t in the svg, mvg and other coders (recurring bugs of CVE-2022-32546). • https://access.redhat.com/security/cve/CVE-2023-34151 https://bugzilla.redhat.com/show_bug.cgi?id=2210657 https://github.com/ImageMagick/ImageMagick/issues/6341 https://lists.debian.org/debian-lts-announce/2024/02/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V • CWE-190: Integer Overflow or Wraparound

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential heap overflows and integer overflows in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because of the lack of attribute length checks when Sofia-SIP handles STUN packets. ... The OOB read and integer overflow caused by an attacker may lead to a crash, high memory consumption, or even other more serious consequences. • https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-rm4c-ccvf-ff9c https://lists.debian.org/debian-lts-announce/2023/06/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OY66DOQ3B7GULJTI66X5HNX5FU3P65CX https://www.debian.org/security/2023/dsa-5431 • CWE-122: Heap-based Buffer Overflow; CWE-190: Integer Overflow or Wraparound; CWE-787: Out-of-bounds Write

CVSS: 7.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

Integer overflow vulnerability in some phones. • https://consumer.huawei.com/en/support/bulletin/2023/5 • CWE-190: Integer Overflow or Wraparound

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer. • https://developer.garmin.com/connect-iq/api-docs/Toybox/Graphics/BufferedBitmap.html#initialize-instance_function https://developer.garmin.com/connect-iq/compatible-devices https://github.com/anvilsecure/garmin-ciq-app-research/blob/main/advisories/CVE-2023-23298.md • CWE-190: Integer Overflow or Wraparound