Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the decode_deliver() function
Vulnerability Description
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_deliver().
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
内存缓冲区边界内操作的限制不恰当
Vulnerability Title
ofono 安全漏洞
Vulnerability Description
oFono是UBports开源的一个开源电话通讯框架。 ofono存在安全漏洞,该漏洞源于在 SMS 解码期间,decode_deliver() 函数内会触发堆栈溢出错误。
CVSS Information
N/A
Vulnerability Type
N/A