CVE-2023-43512

Published: Jan 2, 2024Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: product-security@qualcomm.com (Secondary)

Description

Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services buffer.

Affected (1)

Products: Qualcomm: Qcn7606 Firmware

Qualcomm

1 product

Qcn7606 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcn7606 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcn7606	All versions

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-126

Buffer Over-read

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

References (2)

https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin

Source: product-security@qualcomm.com

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.