CVE-2024-7542 — Use of Uninitialized Variable in Ofono

CWE-457 — Use of Uninitialized Variable CWE-908 — Use of Uninitialized Resource6 documents6 sources

Severity

3.3LOWNVD

EPSS

0.1%

top 69.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ofono Ofono Project Ofono

Timeline

PublishedAug 6

Latest updateApr 16

Description

oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of responses from AT+CMGR commands. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can …

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5ofono/ofono1.34

▶NVDofono_project/ofono1.34

🔴Vulnerability Details

GHSA

GHSA-5v2c-phpf-wrv5: oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability↗2024-08-06

▶

OSV

CVE-2024-7542: oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability↗2024-08-06

▶

CVEList

oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability↗2024-08-05

▶

📋Vendor Advisories

Ubuntu

oFono vulnerabilities↗2026-04-16

▶

Debian

CVE-2024-7542: ofono - oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerabilit...↗2024

▶