CVE-2024-23963

Published Jan 31, 2025

Last updated 9 days ago

Overview

Description
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists within the PBAP_DecodeVCARD function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.
Source
ics-cert@hq.dhs.gov
NVD status
Awaiting Analysis

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-863

Social media

Hype score
Not currently trending

  1. CVE-2024-23963 (CVSS:8.8, HIGH) is Awaiting Analysis. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9..https://t.co/dOBWkqTu6I #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    5 Feb 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References