CVE-2023-40129

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Oct 27, 2023
Updated: Oct 30, 2023
CWE ID 787

Summary

CVE-2023-40129 is a recently disclosed vulnerability in the Bluetooth Low Energy (BLE) implementation of certain devices. The flaw is in the 'build_read_multi_rsp' function in the 'gatt_sr.cc' file: a heap buffer overflow that can result in an out-of-bounds write. An attacker who successfully exploits it can achieve remote code execution from a proximal or adjacent position, without requiring any additional privileges or user interaction.
