CVE-2023-28582

Name of the Vulnerable Software and Affected Versions Qualcomm embedded platform (affected versions not specified) Data Modem (affected versions not specified)

Description The issue is related to memory corruption in the Data Modem during the DTLS handshake, specifically when verifying the hello-verify message. This is caused by a buffer copy operation without checking the size of the input data, which can be exploited by a remote attacker to execute arbitrary code.

Recommendations For Qualcomm embedded platforms, consider restricting access to the DTLS handshake functionality until a patch is available. For Data Modem, as a temporary workaround, consider disabling the hello-verify message verification during the DTLS handshake until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.