CVE-2023-4235

Summary

CVE-2023-4235 is a newly discovered vulnerability in the Open Source Telephony software on Linux named ofono. This issue involves a stack overflow bug in the decode_deliver_report() function during SMS decoding. The flaw is triggered by a length miscalculation during a memcpy operation, which can result in memory corruption. An attacker could potentially exploit this vulnerability by sending a maliciously crafted SMS message. The vulnerability arises due to a missing length check in decode_deliver_report(), while one exists in the preceding decode_submit() function. This oversight increases the risk of stack overflow attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.