CVE-2023-4232

Summary

CVE-2023-4232 is a newly identified vulnerability affecting the Open Source Telephony software on Linux, specifically ofono. This issue results from a stack overflow bug discovered in the decode_status_report() function, which occurs during SMS decoding. The flaw is triggered when there is an incorrect length check in the memcpy function call. This oversight in the boundary check was present in both decode_submit() and decode_status_report() functions. An attacker could potentially exploit this vulnerability through a compromised modem, a malicious base station, or even by sending a specially crafted SMS message.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.