PT-2023-18900 · Garmin · Ciq Api+1

Published 2023-05-23 · Updated 2023-05-30 · CVE-2023-23305

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GarminOS TVM component in CIQ API versions 1.0.0 through 4.1.7

Description

The issue concerns buffer overflows that occur when loading binary resources. A malicious application could embed specially crafted resources to potentially hijack the execution of the device's firmware.

Recommendations

For versions 1.0.0 through 4.1.7, consider restricting the loading of binary resources from untrusted sources until a patch is available. As a temporary workaround, avoid using the CIQ API to load binary resources from potentially malicious applications. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2023-23305

Affected Products

Ciq Api
Garminos