CVE-2023-4234

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-4234
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4234.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-4234
Published
2024-04-17T23:15:07Z
Modified
2025-09-10T13:10:06.417649Z
Summary
[none]
Details

A flaw was found in ofono, an Open Source Telephony stack on Linux. A stack overflow bug is triggered within the decode_submit_report() function during SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_submit_report().

Affected packages

Debian:11 / ofono

Package

Name
ofono
Purl
pkg:deb/debian/ofono?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.31-3
1.31-4

2.*

2.10-1
2.11-1
2.12-1
2.14-1
2.16-1
2.16-2
2.16-3
2.16-4
2.16-5
2.18-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ofono

Package

Name
ofono
Purl
pkg:deb/debian/ofono?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.31-3
1.31-4

2.*

2.10-1
2.11-1
2.12-1
2.14-1
2.16-1
2.16-2
2.16-3
2.16-4
2.16-5
2.18-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ofono

Package

Name
ofono
Purl
pkg:deb/debian/ofono?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
2.10-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / ofono

Package

Name
ofono
Purl
pkg:deb/debian/ofono?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
2.10-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / git.kernel.org/pub/scm/network/ofono/ofono.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/network/ofono/ofono.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
54aa82cbbe3e3bf29dea7eaf35adbc91b94df2ae

Affected versions

0.*

0.1
0.10
0.11
0.12
0.13
0.14
0.15
0.16
0.17
0.18
0.19
0.2
0.20
0.21
0.22
0.23
0.24
0.25
0.26
0.27
0.28
0.29
0.3
0.30
0.31
0.32
0.33
0.34
0.35
0.36
0.37
0.38
0.39
0.4
0.40
0.41
0.42
0.43
0.44
0.45
0.46
0.47
0.48
0.49
0.5
0.50
0.51
0.52
0.53
0.6
0.7
0.8
0.9

1.*

1.0
1.1
1.10
1.11
1.12
1.13
1.14
1.15
1.16
1.17
1.18
1.19
1.2
1.20
1.21
1.22
1.23
1.24
1.25
1.26
1.27
1.28
1.29
1.3
1.30
1.31
1.32
1.33
1.34
1.4
1.5
1.6
1.7
1.8
1.9

2.*

2.0