CVE-2023-29468

Published: Aug 14, 2023Modified: May 5, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The Texas Instruments (TI) WiLink WL18xx MCP driver does not limit the number of information elements (IEs) of type XCC_EXT_1_IE_ID or XCC_EXT_2_IE_ID that can be parsed in a management frame. Using a specially crafted frame, a buffer overflow can be triggered that can potentially lead to remote code execution. This affects WILINK8-WIFI-MCP8 version 8.5_SP3 and earlier.

Affected (3)

Products: Ti: Wilink8 Wifi Mcp8

1 product

Wilink8 Wifi Mcp8

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ti Wilink8 Wifi Mcp8	Before 8.5
Ti Wilink8 Wifi Mcp8	Version 8.5
Ti Wilink8 Wifi Mcp8	Version 8.5 sp3

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://www.ti.com/lit/swra773

Source: cve@mitre.org

Vendor Advisory

https://www.ti.com/lit/swra773

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.