CVE-2023-40465 — Stack-based Buffer Overflow in Aleos

CWE-121 — Stack-based Buffer Overflow CWE-122 — Heap-based Buffer Overflow CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

5.5MEDIUMNVD

CNA8.3

EPSS

0.0%

top 99.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sierrawireless Aleos

Timeline

PublishedDec 4

Latest updateDec 5

Description

Several versions of ALEOS, including ALEOS 4.16.0, include an opensource third-party component which can be exploited from the local area network, resulting in a Denial of Service condition for the captive portal.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5sierrawireless/aleos4.10 — 4.16+1

▶NVDsierrawireless/aleos4.16.0

🔴Vulnerability Details

GHSA

GHSA-2vrx-x739-p6p6: Several versions of ALEOS, including ALEOS 4↗2023-12-05

▶

CVEList

Improper input leads to DoS↗2023-12-04

▶