CVE-2023-36629

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The ST ST54-android-packages-apps-Nfc package before 130-20230215-23W07p0 for Android has an out-of-bounds read.

El paquete ST ST54-android-packages-apps-Nfc anterior a 130-20230215-23W07p0 para Android tiene una lectura fuera de los límites.

*Credits: N/A

CVSS Scores

NISTv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-06-25 CVE Reserved
2024-01-09 CVE Published
2024-01-10 EPSS Updated
2024-08-02 CVE Updated
2024-08-02 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-125: Out-of-bounds Read

CAPEC

References (3)

URL	Tag	Source
https://github.com/STMicroelectronics/ST54-android-packages-apps-Nfc/releases/tag/130-20230215-23W07p0	Release Notes

URL	Date	SRC
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/hunting-for-android-privilege-escalation-with-a-32-line-fuzzer	2024-08-02
https://www.trustwave.com/hubfs/Web/Library/Advisories_txt/TWSL2023-007_Xiaomi_Redmi_10sNote-1.txt	2024-08-02

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
St Search vendor "St"		St54-android-packages-apps-nfc Search vendor "St" for product "St54-android-packages-apps-nfc"				< 130-20230215-23w07p0 Search vendor "St" for product "St54-android-packages-apps-nfc" and version " < 130-20230215-23w07p0"		-		Affected