CVE-2023-50096

Published: Jan 1, 2024Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.6 / Impact: 5.9

Source: NVD

Description

STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code execution if an adversary has the ability to read from and write to the I2C bus. This is caused by an StSafeA_ReceiveBytes buffer overflow in the X-CUBE-SAFEA1 Software Package for STSAFE-A sample applications (1.2.0), and thus can affect user-written code that was derived from a published sample application.

Affected (1)

Products: St: X Cube Safea1

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
St X Cube Safea1	Version 1.2.0

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://github.com/elttam/publications/blob/master/writeups/CVE-2023-50096.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/elttam/publications/blob/master/writeups/CVE-2023-50096.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.