CVE-2023-2794

HIGH 8.1

Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the decode_deliver() function

CVSS Score

8.1

EPSS Score

0.0%

EPSS Percentile

0th

A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_deliver().

CWE	CWE-119
Published	Apr 10, 2024
Last Updated	Nov 4, 2025

Stay Ahead of the Next One

Get instant alerts for

Be the first to know when new high vulnerabilities are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

NVD ↗ CVE.org ↗ EPSS Data ↗

bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2255387 lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/[email protected]/message/RLAWJAAS3HDI2KMCZXF4DMR3Y4BQNMKO/

Credits

Red Hat would like to thank Mitch Zakocs (Trend Micro Zero Day Initiative) for reporting this issue.