STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code execution if an adversary has the ability to read from and write to the I2C bus. This is caused by an StSafeA_ReceiveBytes buffer overflow in the X-CUBE-SAFEA1 Software Package for STSAFE-A sample applications (1.2.0), and thus can affect user-written code that was derived from a published sample application.
References
Link | Resource |
---|---|
https://github.com/elttam/publications/blob/master/writeups/CVE-2023-50096.md | Exploit Third Party Advisory |
Configurations
History
09 Jan 2024, 18:29
Type | Values Removed | Values Added |
---|---|---|
First Time |
St x-cube-safea1
St |
|
CPE | cpe:2.3:a:st:x-cube-safea1:1.2.0:*:*:*:*:stsafe-a:*:* | |
References | () https://github.com/elttam/publications/blob/master/writeups/CVE-2023-50096.md - Exploit, Third Party Advisory | |
CWE | CWE-120 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
02 Jan 2024, 13:47
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
01 Jan 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-01 18:15
Updated : 2024-01-09 18:29
NVD link : CVE-2023-50096
Mitre link : CVE-2023-50096
CVE.ORG link : CVE-2023-50096
JSON object : View
Products Affected
st
- x-cube-safea1
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')