CVE-2023-32701 - Vulnerability Details - OpenCVE

Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Blackberry	Qnx Software Development Platform

Configuration 1 [-]

OR	cpe:2.3:a:blackberry:qnx_software_development_platform:6.6.0:::::::*
	cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:::::::*
	cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:::::::*

No data.

References

Link	Providers
https://support.blackberry.com/kb/articleDetail?articleNumber=000112401

History

Tue, 09 Sep 2025 15:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-20

Tue, 09 Sep 2025 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-1288

Fri, 22 Aug 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 22 Aug 2025 15:45:00 +0000

Type	Values Removed	Values Added
Description	Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition.	Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition.

MITRE

Status: PUBLISHED

Assigner: blackberry

Published: 2023-11-14T18:33:59.148Z

Updated: 2025-09-09T15:06:29.621Z

Reserved: 2023-05-11T20:52:48.323Z

Link: CVE-2023-32701

Vulnrichment

Updated: 2024-08-02T15:25:36.816Z

NVD

Status : Modified

Published: 2023-11-14T19:15:27.163

Modified: 2025-09-09T15:15:30.773

Link: CVE-2023-32701

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-32701", "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "state": "PUBLISHED", "assignerShortName": "blackberry", "dateReserved": "2023-05-11T20:52:48.323Z", "datePublished": "2023-11-14T18:33:59.148Z", "dateUpdated": "2025-09-09T15:06:29.621Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Networking Stack"], "product": "QNX Software Development Platform (SDP)", "vendor": "BlackBerry", "versions": [{"lessThanOrEqual": "7.1", "status": "affected", "version": "6.6.0", "versionType": "custom"}]}], "datePublic": "2023-11-14T18:01:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition. <p></p>"}], "value": "Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition."}], "impacts": [{"capecId": "CAPEC-549", "descriptions": [{"lang": "en", "value": "CAPEC-549 Local Execution of Code"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1288", "description": "CWE-1288 Improper Validation of Consistency within Input", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "shortName": "blackberry", "dateUpdated": "2025-09-09T15:06:29.621Z"}, "references": [{"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112401"}], "source": {"discovery": "UNKNOWN"}, "title": "Vulnerability in Networking Stack Impacts QNX Software Development Platform (SDP)", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:25:36.816Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112401", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-30T18:05:38.851186Z", "id": "CVE-2023-32701", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-30T18:05:56.808Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112401", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:25:36.816Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-32701", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-30T18:05:38.851186Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-30T18:05:52.328Z"}}], "cna": {"title": "Vulnerability in Networking Stack Impacts QNX Software Development Platform (SDP)", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-549", "descriptions": [{"lang": "en", "value": "CAPEC-549 Local Execution of Code"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "BlackBerry", "modules": ["Networking Stack"], "product": "QNX Software Development Platform (SDP)", "versions": [{"status": "affected", "version": "6.6.0", "versionType": "custom", "lessThanOrEqual": "7.1"}], "defaultStatus": "unaffected"}], "datePublic": "2023-11-14T18:01:00.000Z", "references": [{"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112401"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition.", "supportingMedia": [{"type": "text/html", "value": "Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition. <p></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1288", "description": "CWE-1288 Improper Validation of Consistency within Input"}]}], "providerMetadata": {"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "shortName": "blackberry", "dateUpdated": "2025-09-09T15:06:29.621Z"}}}, "cveMetadata": {"cveId": "CVE-2023-32701", "state": "PUBLISHED", "dateUpdated": "2025-09-09T15:06:29.621Z", "dateReserved": "2023-05-11T20:52:48.323Z", "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "datePublished": "2023-11-14T18:33:59.148Z", "assignerShortName": "blackberry"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:6.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "FF1D7FB0-C40B-4DD6-B3C5-D90FBCCBAF23", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "058D8A14-E99C-4AA9-BE27-794B8D8B9E49", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E0E19A3D-96D9-4DF2-8E56-E2D917B1A9EA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition."}, {"lang": "es", "value": "Una validaci\u00f3n de entrada inadecuada en Networking Stack de QNX SDP versiones 6.6, 7.0 y 7.1 podr\u00eda permitir que un atacante cause potencialmente la divulgaci\u00f3n de informaci\u00f3n o una condici\u00f3n de denegaci\u00f3n de servicio."}], "id": "CVE-2023-32701", "lastModified": "2025-09-09T15:15:30.773", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "secure@blackberry.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-14T19:15:27.163", "references": [{"source": "secure@blackberry.com", "tags": ["Vendor Advisory"], "url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112401"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112401"}], "sourceIdentifier": "secure@blackberry.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1288"}], "source": "secure@blackberry.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}