Vulnerability Description
The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device's firmware.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Garmin | Connect-Iq | >= 2.3.0, <= 4.1.7 |
Related Weaknesses (CWE)
References
- https://developer.garmin.com/connect-iq/api-docs/Toybox/Graphics/BufferedBitmap.Product
- https://developer.garmin.com/connect-iq/compatible-devices/Product
- https://github.com/anvilsecure/garmin-ciq-app-research/blob/main/advisories/CVE-Exploit
- https://developer.garmin.com/connect-iq/api-docs/Toybox/Graphics/BufferedBitmap.Product
- https://developer.garmin.com/connect-iq/compatible-devices/Product
- https://github.com/anvilsecure/garmin-ciq-app-research/blob/main/advisories/CVE-Exploit
FAQ
What is CVE-2023-23298?
CVE-2023-23298 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying...
How severe is CVE-2023-23298?
CVE-2023-23298 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-23298?
Check the references section above for vendor advisories and patch information. Affected products include: Garmin Connect-Iq.