← back
CVE-2023-43512

Buffer Over-read in Qualcomm ESL

CVSS 7.5 HIGHEPSS 0.3%CWE-126
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
02 Jan 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services buffer.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
Qualcomm, Inc. · Snapdragon

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin