PT-2023-18892 · Ciq Api · Ciq Api
Published 2023-05-23 · Updated 2023-05-30 · CVE-2023-23298
CVSS v3.1: 9.8 Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
CIQ API versions 2.3.0 through 4.1.7
Description
The Toybox.Graphics.BufferedBitmap.initialize API method of the CIQ (Garmin Connect IQ) API does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device's firmware.
Recommendations
For CIQ API versions 2.3.0 through 4.1.7, as a temporary workaround, consider not calling the Toybox.Graphics.BufferedBitmap.initialize API method until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Integer Overflow
Weakness Enumeration
Related Identifiers
CVE-2023-23298
Affected Products
Ciq Api
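The Description names the bug class without showing it. As an added illustration, and not Garmin's code (the native implementation behind Toybox.Graphics.BufferedBitmap.initialize is not public), the following C models a hypothetical firmware allocator that sizes a bitmap buffer from caller-supplied width, height and bits per pixel, first in the unchecked form that lets the 32-bit product wrap, then with the bound and overflow checks a fix would add. The struct and function names, the 4096-pixel limit and the sample parameters are all assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of a native bitmap allocator fed by a Monkey C
 * BufferedBitmap.initialize call. Not Garmin's code; all names assumed. */
typedef struct {
    uint32_t width;
    uint32_t height;
    uint32_t bpp;      /* bits per pixel, expected to be a multiple of 8 */
    size_t   buf_len;  /* bytes actually allocated */
    uint8_t *buf;
} bitmap_t;

/* Vulnerable pattern: the size is computed in 32-bit arithmetic (as on a
 * 32-bit MCU) and never checked, so width*height*bytes_per_pixel can wrap
 * and a tiny heap chunk is allocated for a bitmap with huge dimensions. */
int bitmap_init_unchecked(bitmap_t *bm, uint32_t width, uint32_t height, uint32_t bpp)
{
    uint32_t bytes = width * height * (bpp / 8);   /* wraps modulo 2^32 */
    bm->width   = width;
    bm->height  = height;
    bm->bpp     = bpp;
    bm->buf_len = bytes;
    bm->buf     = malloc(bytes ? bytes : 1);
    return bm->buf ? 0 : -1;
}

/* Hardened pattern: bound each dimension to what the device can display,
 * accept only supported depths, and compute the size with overflow-checked
 * multiplication before touching the allocator. The bound alone keeps the
 * product below 2^32 here; the checked multiply keeps the code correct if
 * MAX_DIM is ever raised. */
#define MAX_DIM 4096u

int bitmap_init_checked(bitmap_t *bm, uint32_t width, uint32_t height, uint32_t bpp)
{
    uint32_t pixels, bytes;

    if (width == 0 || height == 0 || width > MAX_DIM || height > MAX_DIM)
        return -1;
    if (bpp == 0 || bpp > 32 || bpp % 8 != 0)
        return -1;
    if (__builtin_mul_overflow(width, height, &pixels))
        return -1;
    if (__builtin_mul_overflow(pixels, bpp / 8, &bytes))
        return -1;

    bm->width   = width;
    bm->height  = height;
    bm->bpp     = bpp;
    bm->buf_len = bytes;
    bm->buf     = malloc(bytes);
    return bm->buf ? 0 : -1;
}

/* Bytes a full-frame pixel writer would touch, computed without wrapping. */
uint64_t bitmap_required_bytes(const bitmap_t *bm)
{
    return (uint64_t)bm->width * bm->height * (bm->bpp / 8);
}

/* 1 if the allocated chunk is smaller than the dimensions imply, i.e. the
 * first full-frame draw would write past the end of the heap chunk. */
int bitmap_undersized(const bitmap_t *bm)
{
    return bm->buf != NULL && bitmap_required_bytes(bm) > bm->buf_len;
}

void bitmap_free(bitmap_t *bm)
{
    free(bm->buf);
    bm->buf = NULL;
    bm->buf_len = 0;
}

int main(void)
{
    /* Constructed malicious parameters: 65536 x 65537 at 8 bpp needs
     * 2^32 + 65536 bytes, but the 32-bit product wraps to 65536. */
    bitmap_t bm;
    if (bitmap_init_unchecked(&bm, 65536u, 65537u, 8) == 0) {
        printf("unchecked: allocated %zu bytes, need %llu, undersized=%d\n",
               bm.buf_len, (unsigned long long)bitmap_required_bytes(&bm),
               bitmap_undersized(&bm));
        bitmap_free(&bm);
    }
    printf("checked: rc=%d for the same parameters\n",
           bitmap_init_checked(&bm, 65536u, 65537u, 8));
    return 0;
}
```

Built with gcc or clang (for __builtin_mul_overflow), the unchecked path hands back a 64 KiB chunk for a bitmap whose pixel data would span more than 4 GiB, so the first full-frame draw writes far past the chunk; that heap corruption is the primitive behind the advisory's "hijack the execution of the device's firmware". The checked path refuses the same parameters before any allocation happens.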