CVE-2023-2794 - OpenCVE

A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_deliver().

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Fedoraproject	Fedora
Linux	Ofono
Ofono	Ofono
Ofono Project	Ofono

Configuration 1 [-]

cpe:2.3:a:ofono_project:ofono:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:39:::::::*
	cpe:2.3:o:fedoraproject:fedora:40:::::::*

No data.

References

Link	Providers
https://bugzilla.redhat.com/show_bug.cgi?id=2255387
https://lists.fedoraproject.org/archives/list/[email protected]/message/RLAWJAAS3HDI2KMCZXF4DMR3Y4BQNMKO/

History

Tue, 04 Nov 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://lists.fedoraproject.org/archives/list/[email protected]/message/RLAWJAAS3HDI2KMCZXF4DMR3Y4BQNMKO/

Tue, 04 Nov 2025 19:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux ofono
CPEs		cpe:2.3:a:linux:ofono::::::::
Vendors & Products		Linux Linux ofono
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 06 Aug 2025 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Fedoraproject Fedoraproject fedora Ofono Project Ofono Project ofono
CPEs		cpe:2.3:a:ofono_project:ofono:::::::: cpe:2.3:o:fedoraproject:fedora:39:::::::* cpe:2.3:o:fedoraproject:fedora:40:::::::*
Vendors & Products		Fedoraproject Fedoraproject fedora Ofono Project Ofono Project ofono

MITRE

Status: PUBLISHED

Assigner: fedora

Published: 2024-04-10T10:15:43.908Z

Updated: 2025-11-04T18:14:26.729Z

Reserved: 2023-05-18T12:42:16.295Z

Link: CVE-2023-2794

Vulnrichment

Updated: 2025-11-04T18:14:26.729Z

NVD

Status : Modified

Published: 2024-04-10T11:15:48.280

Modified: 2025-11-04T19:15:42.503

Link: CVE-2023-2794

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-2794", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "state": "PUBLISHED", "assignerShortName": "fedora", "dateReserved": "2023-05-18T12:42:16.295Z", "datePublished": "2024-04-10T10:15:43.908Z", "dateUpdated": "2025-11-04T18:14:26.729Z"}, "containers": {"cna": {"title": "Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the decode_deliver() function", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_deliver()."}], "affected": [{"versions": [{"status": "unaffected", "version": "2.5", "lessThan": "*", "versionType": "custom"}], "packageName": "ofono", "collectionURL": "https://git.kernel.org/pub/scm/network/ofono/ofono.git"}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255387", "name": "RHBZ#2255387", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2023-12-20T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", "timeline": [{"lang": "en", "time": "2023-12-20T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-12-20T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Mitch Zakocs (Trend Micro Zero Day Initiative) for reporting this issue."}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2024-04-19T13:37:57.665Z"}}, "adp": [{"affected": [{"vendor": "linux", "product": "ofono", "cpes": ["cpe:2.3:a:linux:ofono:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-03T15:40:32.798851Z", "id": "CVE-2023-2794", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-03T16:59:20.752Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255387", "name": "RHBZ#2255387", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/RLAWJAAS3HDI2KMCZXF4DMR3Y4BQNMKO/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T18:14:26.729Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255387", "name": "RHBZ#2255387", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/RLAWJAAS3HDI2KMCZXF4DMR3Y4BQNMKO/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T18:14:26.729Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-2794", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-03T15:40:32.798851Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:linux:ofono:*:*:*:*:*:*:*:*"], "vendor": "linux", "product": "ofono", "versions": [{"status": "affected", "version": "0", "lessThan": "2.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-03T16:59:17.706Z"}}], "cna": {"title": "Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the decode_deliver() function", "credits": [{"lang": "en", "value": "Red Hat would like to thank Mitch Zakocs (Trend Micro Zero Day Initiative) for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"versions": [{"status": "unaffected", "version": "2.5", "lessThan": "*", "versionType": "custom"}], "packageName": "ofono", "collectionURL": "https://git.kernel.org/pub/scm/network/ofono/ofono.git"}], "timeline": [{"lang": "en", "time": "2023-12-20T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-12-20T00:00:00+00:00", "value": "Made public."}], "datePublic": "2023-12-20T00:00:00.000Z", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255387", "name": "RHBZ#2255387", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "descriptions": [{"lang": "en", "value": "A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_deliver()."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2024-04-19T13:37:57.665Z"}, "x_redhatCweChain": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"}}, "cveMetadata": {"cveId": "CVE-2023-2794", "state": "PUBLISHED", "dateUpdated": "2025-11-04T18:14:26.729Z", "dateReserved": "2023-05-18T12:42:16.295Z", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "datePublished": "2024-04-10T10:15:43.908Z", "assignerShortName": "fedora"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ofono_project:ofono:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6411B8D-6CF2-4AB1-B3BB-A02BD2CD52C0", "versionEndExcluding": "2.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*", "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_deliver()."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en ofono, una telefon\u00eda de c\u00f3digo abierto en Linux. Se activa un error de desbordamiento de pila dentro de la funci\u00f3n decode_deliver() durante la decodificaci\u00f3n de SMS. Se supone que se puede acceder al escenario del ataque desde un m\u00f3dem comprometido, una estaci\u00f3n base maliciosa o simplemente un SMS. Hay una verificaci\u00f3n vinculada para esta longitud de memcpy en decode_submit(), pero se olvid\u00f3 en decode_deliver()."}], "id": "CVE-2023-2794", "lastModified": "2025-11-04T19:15:42.503", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "[email protected]", "type": "Secondary"}]}, "published": "2024-04-10T11:15:48.280", "references": [{"source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255387"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255387"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/RLAWJAAS3HDI2KMCZXF4DMR3Y4BQNMKO/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "[email protected]", "type": "Secondary"}]}