CVE-2019-11848Out-of-bounds Write in Aleos

CWE-787Out-of-bounds WriteCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer2 documents2 sources
Severity
7.2HIGHNVD
EPSS
0.0%
top 96.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Sierrawireless Aleos
Timeline
PublishedAug 21
Latest updateMay 24

Description

An API abuse vulnerability exists in the AT command API of ALEOS before 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

NVDsierrawireless/aleos< 4.13.0+2

🔴Vulnerability Details

1
GHSA
GHSA-qf95-xqrm-c4mg: An API abuse vulnerability exists in the AT command API of ALEOS before 42022-05-24
CVE-2019-11848 — Out-of-bounds Write in Aleos | cvebase