CVE-2023-35681Integer Overflow or Wraparound in Packages Modules Bluetooth

CWE-190Integer Overflow or WraparoundCWE-787Out-of-bounds Write5 documents5 sources
Severity
9.8CRITICALNVD
EPSS
0.6%
top 29.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Platform Packages Modules BluetoothGoogle Android
Timeline
PublishedSep 11

Description

In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

Androidplatform/packages_modules_bluetooth13-next:013-next:2023-09-01+1
CVEListV5google/android13
NVDgoogle/android13.0

🔴Vulnerability Details

3
GHSA
GHSA-49c5-gw3c-qmq4: In eatt_l2cap_reconfig_completed of eatt_impl2023-09-11
CVEList
CVE-2023-35681: In eatt_l2cap_reconfig_completed of eatt_impl2023-09-11
OSV
CVE-2023-35681: In eatt_l2cap_reconfig_completed of eatt_impl2023-09-01

📋Vendor Advisories

1
Android
CVE-2023-35681: Android Security Bulletin 2023-09-01 CVE: CVE-2023-35681 Severity: CRITICAL Type: RCE Affected AOSP versions: 13 References: A-2713358992023-09-01
CVE-2023-35681 — Integer Overflow or Wraparound | cvebase