CVE-2023-23298

The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device's firmware.
Configurations

Configuration 1 (hide)

cpe:2.3:a:garmin:connect-iq:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:45

Type Values Removed Values Added
References () https://developer.garmin.com/connect-iq/api-docs/Toybox/Graphics/BufferedBitmap.html#initialize-instance_function - Product () https://developer.garmin.com/connect-iq/api-docs/Toybox/Graphics/BufferedBitmap.html#initialize-instance_function - Product
References () https://developer.garmin.com/connect-iq/compatible-devices/ - Product () https://developer.garmin.com/connect-iq/compatible-devices/ - Product
References () https://github.com/anvilsecure/garmin-ciq-app-research/blob/main/advisories/CVE-2023-23298.md - Exploit () https://github.com/anvilsecure/garmin-ciq-app-research/blob/main/advisories/CVE-2023-23298.md - Exploit

30 May 2023, 16:50

Type Values Removed Values Added
CWE CWE-190
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:garmin:connect-iq:*:*:*:*:*:*:*:*
First Time Garmin connect-iq
Garmin
References (MISC) https://github.com/anvilsecure/garmin-ciq-app-research/blob/main/advisories/CVE-2023-23298.md - (MISC) https://github.com/anvilsecure/garmin-ciq-app-research/blob/main/advisories/CVE-2023-23298.md - Exploit
References (MISC) https://developer.garmin.com/connect-iq/api-docs/Toybox/Graphics/BufferedBitmap.html#initialize-instance_function - (MISC) https://developer.garmin.com/connect-iq/api-docs/Toybox/Graphics/BufferedBitmap.html#initialize-instance_function - Product
References (MISC) https://developer.garmin.com/connect-iq/compatible-devices/ - (MISC) https://developer.garmin.com/connect-iq/compatible-devices/ - Product

Information

Published : 2023-05-23 20:15

Updated : 2024-11-21 07:45


NVD link : CVE-2023-23298

Mitre link : CVE-2023-23298

CVE.ORG link : CVE-2023-23298


JSON object : View

Products Affected

garmin

  • connect-iq
CWE
CWE-190

Integer Overflow or Wraparound