CVE-2023-6322
Stack-based buffer overflow in message parser functionality
Severity Score
7.2
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger this vulnerability.
Existe una vulnerabilidad de desbordamiento de búfer en la región stack de la memoria en la funcionalidad de análisis de mensajes de Roku Indoor Camera SE versión 3.0.2.4679 y Wyze Cam v3 versión 4.36.11.5859. Un mensaje especialmente manipulado puede provocar un desbordamiento de búfer en la región stack de la memoria. Un atacante puede realizar solicitudes autenticadas para desencadenar esta vulnerabilidad.
*Credits:
Alexandru Lazar, Radu Basaraba
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-11-27 CVE Reserved
- 2024-05-15 CVE Published
- 2024-08-02 CVE Updated
- 2025-02-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-121: Stack-based Buffer Overflow
CAPEC
- CAPEC-100: Overflow Buffers
References (1)
| URL | Tag | Source |
|---|---|---|
| https://bitdefender.com/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Roku Search vendor "Roku" | Indoor Camera SE Search vendor "Roku" for product "Indoor Camera SE" | <= 3.0.2.4679 Search vendor "Roku" for product "Indoor Camera SE" and version " <= 3.0.2.4679" | en |
Affected
| ||||||
| Wyze Search vendor "Wyze" | Cam V3 Search vendor "Wyze" for product "Cam V3" | <= 4.36.11.5859 Search vendor "Wyze" for product "Cam V3" and version " <= 4.36.11.5859" | en |
Affected
| ||||||