CVE-2023-43512

Published Jan 2, 2024

Last updated 6 months ago

CVSS high 7.5

Overview

Description: Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services buffer.
Source: product-security@qualcomm.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

Weaknesses

product-security@qualcomm.com: CWE-126
nvd@nist.gov: CWE-125

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:qcn7606_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F466A5BD-1912-4811-9A93-81555F101D46"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:qcn7606:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0F92914E-16F6-4A25-9FEF-FB7CB3377132"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References