CVE-2023-4232 - Vulnerability Details - OpenCVE

A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_status_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_status_report().

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fedoraproject	Fedora
Ofono Project	Ofono

Configuration 1 [-]

cpe:2.3:a:ofono_project:ofono:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:39:::::::*
	cpe:2.3:o:fedoraproject:fedora:40:::::::*

No data.

References

Link	Providers
https://bugzilla.redhat.com/show_bug.cgi?id=2255394

History

Wed, 06 Aug 2025 19:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Fedoraproject Fedoraproject fedora Ofono Project Ofono Project ofono
CPEs		cpe:2.3:a:ofono_project:ofono:::::::: cpe:2.3:o:fedoraproject:fedora:39:::::::* cpe:2.3:o:fedoraproject:fedora:40:::::::*
Vendors & Products		Fedoraproject Fedoraproject fedora Ofono Project Ofono Project ofono

MITRE

Status: PUBLISHED

Assigner: fedora

Published: 2024-04-17T22:49:12.892Z

Updated: 2024-08-02T07:24:03.389Z

Reserved: 2023-08-08T08:01:09.933Z

Link: CVE-2023-4232

Vulnrichment

Updated: 2024-08-02T07:24:03.389Z

NVD

Status : Analyzed

Published: 2024-04-17T23:15:06.970

Modified: 2025-08-06T18:58:32.737

Link: CVE-2023-4232

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4232", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "state": "PUBLISHED", "assignerShortName": "fedora", "dateReserved": "2023-08-08T08:01:09.933Z", "datePublished": "2024-04-17T22:49:12.892Z", "dateUpdated": "2024-08-02T07:24:03.389Z"}, "containers": {"cna": {"title": "Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the decode_status_report() function", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_status_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_status_report()."}], "affected": [{"product": "ofono", "vendor": "n/a", "versions": [{"version": "2.1", "status": "unaffected"}]}, {"product": "Fedora", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "ofono", "defaultStatus": "affected"}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255394", "name": "RHBZ#2255394", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2023-12-20T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", "timeline": [{"lang": "en", "time": "2023-12-20T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-12-20T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Mitch Zakocs (Trend Micro Zero Day Initiative) for reporting this issue."}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2024-04-17T22:49:12.892Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-4232", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-23T16:01:09.656026Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:27:13.428Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:24:03.389Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255394", "name": "RHBZ#2255394", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255394", "name": "RHBZ#2255394", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:24:03.389Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-4232", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-23T16:01:09.656026Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-23T15:59:23.751Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the decode_status_report() function", "credits": [{"lang": "en", "value": "Red Hat would like to thank Mitch Zakocs (Trend Micro Zero Day Initiative) for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "n/a", "product": "ofono", "versions": [{"status": "unaffected", "version": "2.1"}]}, {"vendor": "Fedora", "product": "Fedora", "packageName": "ofono", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2023-12-20T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-12-20T00:00:00+00:00", "value": "Made public."}], "datePublic": "2023-12-20T00:00:00+00:00", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255394", "name": "RHBZ#2255394", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "descriptions": [{"lang": "en", "value": "A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_status_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_status_report()."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2024-04-17T22:49:12.892Z"}, "x_redhatCweChain": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"}}, "cveMetadata": {"cveId": "CVE-2023-4232", "state": "PUBLISHED", "dateUpdated": "2024-08-02T07:24:03.389Z", "dateReserved": "2023-08-08T08:01:09.933Z", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "datePublished": "2024-04-17T22:49:12.892Z", "assignerShortName": "fedora"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ofono_project:ofono:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9E3838F-EBD0-4FAD-BC50-A1A6AF787F58", "versionEndExcluding": "2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*", "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_status_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_status_report()."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en ofono, una telefon\u00eda de c\u00f3digo abierto en Linux. Se activa un error de desbordamiento de pila dentro de la funci\u00f3n decode_status_report() durante la decodificaci\u00f3n de SMS. Se supone que se puede acceder al escenario del ataque desde un m\u00f3dem comprometido, una estaci\u00f3n base maliciosa o simplemente un SMS. Hay una verificaci\u00f3n vinculada para esta longitud de memcpy en decode_submit(), pero se olvid\u00f3 en decode_status_report()."}], "id": "CVE-2023-4232", "lastModified": "2025-08-06T18:58:32.737", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "patrick@puiterwijk.org", "type": "Secondary"}]}, "published": "2024-04-17T23:15:06.970", "references": [{"source": "patrick@puiterwijk.org", "tags": ["Issue Tracking", "Exploit", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255394"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Exploit", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255394"}], "sourceIdentifier": "patrick@puiterwijk.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "patrick@puiterwijk.org", "type": "Secondary"}]}