Security Advisory

CVE-2023-23306

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-05-23 00:00:00

Last updated 2025-01-31 13:48:21

Assigner mitre

State PUBLISHED

Description

The `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 through 4.1.7 suffers from a type confusion vulnreability, which can result in an out-of-bounds write operation. A malicious application could create a specially crafted `Toybox.Ant.BurstPayload` object, call its `add` method, override arbitrary memory and hijack the execution of the devices firmware.

← Browse all CVEs View on cve.org ↗