Ofono Project Ofono vulnerabilities

CVE-2024-7546 [HIGH] CWE-122 CVE-2024-7546: oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability a oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of STK c

CVE-2024-7545 [HIGH] CWE-122 CVE-2024-7545: oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability a oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of STK c

CVE-2024-7547 [HIGH] CWE-121 CVE-2024-7547: oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of SMS

CVE-2024-7544 [HIGH] CWE-122 CVE-2024-7544: oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability a oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of STK c

CVE-2024-7538 [HIGH] CWE-121 CVE-2024-7538: oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability a oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of respo

CVE-2024-7539 [HIGH] CWE-121 CVE-2024-7539: oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of responses from A

CVE-2024-7543 [HIGH] CWE-122 CVE-2024-7543: oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability a oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of STK c

CVE-2024-7537 [MEDIUM] CWE-125 CVE-2024-7537: oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability a oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SMS message lists. The issue results from the la

CVE-2024-7541 [LOW] CWE-457 CVE-2024-7541: oFono AT CMT Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability oFono AT CMT Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing

CVE-2024-7540 [LOW] CWE-457 CVE-2024-7540: oFono AT CMGL Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerabilit oFono AT CMGL Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsin

CVE-2024-7542 [LOW] CWE-457 CVE-2024-7542: oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerabilit oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsin

CVE-2023-4232 [HIGH] CWE-119 CVE-2023-4232: A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered with A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_status_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it

CVE-2023-4233 [HIGH] CWE-119 CVE-2023-4233: A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered with A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the sms_decode_address_field() function during the SMS PDU decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS.

CVE-2023-4235 [HIGH] CWE-119 CVE-2023-4235: A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered with A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it

CVE-2023-4234 [HIGH] CWE-119 CVE-2023-4234: A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered with A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_submit_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it

CVE-2023-2794 [HIGH] CWE-119 CVE-2023-2794: A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered with A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was fo