Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 23/05/2023 Updated: 30/05/2023

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

The `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 up to and including 4.1.7 suffers from a type confusion vulnreability, which can result in an out-of-bounds write operation. A malicious application could create a specially crafted `Toybox.Ant.BurstPayload` object, call its `add` method, override arbitrary memory and hijack the execution of the device's firmware.

Vulnerable Product	Search on Vulmon	Subscribe to Product
garmin connect-iq

CWE-787 https://github.com/anvilsecure/garmin-ciq-app-research/blob/main/advisories/CVE-2023-23306.md https://developer.garmin.com/connect-iq/api-docs/Toybox/Ant/BurstPayload.html#add-instance_function https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-23306

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect