CVE-2023-23300

Name of the Vulnerable Software and Affected Versions CIQ API versions 3.0.0 through 4.1.7

Description The issue concerns the Toybox.Cryptography.Cipher.initialize API method, which does not validate its parameters. This lack of validation can lead to buffer overflows when copying data, potentially allowing a malicious application to hijack the execution of the device's firmware by calling the API method with specially crafted parameters.

Recommendations For CIQ API versions 3.0.0 through 4.1.7, consider disabling the Toybox.Cryptography.Cipher.initialize API method until a patch is available to prevent potential buffer overflows and hijacking of the device's firmware execution.