CVSS: 9.9 • EPSS: 0% • CPEs: 2 • EXPL: 1

Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the offset provided for the stack value duplication instruction, DUP. The offset is unchecked and memory prior to the start of the execution stack can be read and treated as a TVM object. • https://github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0007.md • CWE-129: Improper Validation of Array Index

CVSS: 9.9 • EPSS: 0% • CPEs: 2 • EXPL: 1

Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check for overflow when allocating the array for the NEWA instruction. This is a constrained read/write primitive across the entire MAX32630 address space. • https://github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0004.md • CWE-190: Integer Overflow or Wraparound

CVSS: 9.9 • EPSS: 0% • CPEs: 2 • EXPL: 1

Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check the index provided when accessing the local variable in the LGETV and LPUTV instructions. This provides the ability to both read and write memory outside the bounds of the TVM context allocation. • https://github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0005.md • CWE-129: Improper Validation of Array Index

CVSS: 9.9 • EPSS: 0% • CPEs: 2 • EXPL: 1

Garmin Forerunner 235 before 8.20 is affected by: Buffer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the string length provided in the data section of the PRG file. It allocates memory for the string immediately, and then copies the string into the TVM object by using a function similar to strcpy. • https://github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0006.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')