CVE-2023-4234
Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the decode_submit_report() function
CVSS Score
8.1
EPSS Score
0.0%
EPSS Percentile
0th
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_submit_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_submit_report().
| CWE | CWE-119 |
| Vendor | n/a |
| Product | ofono |
| Published | Apr 17, 2024 |
| Last Updated | Nov 4, 2025 |
Stay Ahead of the Next One
Get instant alerts for n/a ofono
Be the first to know when new high vulnerabilities affecting n/a ofono are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
n/a / ofono
All versions affected Fedora / Fedora
All versions affected References
bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2255399 lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/[email protected]/message/NBTPKR3LYTTLROPXF77FL4SPLXVHNC4T/ lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/[email protected]/message/VG6FHQITWUNHBDGPXUQ77SZK5O5BYIBZ/
Credits
Red Hat would like to thank Mitch Zakocs (Trend Micro Zero Day Initiative) for reporting this issue.