NotCVE-2023-0003 – RSA signature verification bypass via Arbitrary Code Execution in Sansa Connect bootloader

https://notcve.org/view.php?id=NotCVE-2023-0003

Sansa Connect bootloader does not validate RSA signature multiprecision integer (MPI) length. Attacker can supply image that combined with specific MPI length leads to Arbitrary Code Execution via overwritten return address on stack. • https://github.com/desowin/zsitool/blob/master/exploit.md •