CVE-2023-50096
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code execution if an adversary has the ability to read from and write to the I2C bus. This is caused by an StSafeA_ReceiveBytes buffer overflow in the X-CUBE-SAFEA1 Software Package for STSAFE-A sample applications (1.2.0), and thus can affect user-written code that was derived from a published sample application.
El middleware STMicroelectronics STSAFE-A1xx anterior a 3.3.7 permite la ejecución de código MCU si un adversario tiene la capacidad de leer y escribir en el bus I2C. Esto se debe a un desbordamiento de búfer StSafeA_ReceiveBytes en el paquete de software X-CUBE-SAFEA1 para aplicaciones de muestra STSAFE-A (1.2.0) y, por lo tanto, puede afectar el código escrito por el usuario que se derivó de una aplicación de muestra publicada.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2023-12-04 CVE Reserved
- 2024-01-01 CVE Published
- 2024-01-10 EPSS Updated
- 2024-09-09 CVE Updated
- 2024-09-09 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/elttam/publications/blob/master/writeups/CVE-2023-50096.md | 2024-09-09 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| St Search vendor "St" | X-cube-safea1 Search vendor "St" for product "X-cube-safea1" | 1.2.0 Search vendor "St" for product "X-cube-safea1" and version "1.2.0" | stsafe-a |
Affected
| ||||||