anvilsecure

7 exploits Active since May 2023
CVE-2023-23298 WRITEUP CRITICAL WRITEUP
Garmin Connect-iq < 4.1.7 - Integer Overflow
The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device's firmware.
CVSS 9.8
CVE-2023-23299 WRITEUP HIGH WRITEUP
Garmin Connect-iq < 4.1.7 - Incorrect Authorization
The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data such as user profile information and GPS coordinates, among others.
CVSS 7.5
CVE-2023-23300 WRITEUP CRITICAL WRITEUP
Garmin Connect-iq < 4.1.7 - Buffer Overflow
The `Toybox.Cryptography.Cipher.initialize` API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device's firmware.
CVSS 9.8
CVE-2023-23303 WRITEUP CRITICAL WORKING POC
Garmin Connect-iq < 4.1.7 - Buffer Overflow
The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the execution of the device's firmware.
CVSS 9.8
CVE-2023-23304 WRITEUP CRITICAL WRITEUP
Garmin Connect-iq < 4.1.7 - Incorrect Authorization
The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the `Toybox.SensorHistory` module without permission. A malicious application could call any functions from the `Toybox.SensorHistory` module without the user's consent and disclose potentially private or sensitive information.
CVSS 9.1
CVE-2023-23305 WRITEUP CRITICAL WRITEUP
Garmin Connect-iq < 4.1.7 - Buffer Overflow
The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware.
CVSS 9.8
CVE-2023-23306 WRITEUP CRITICAL WRITEUP
Garmin Connect-iq < 4.1.7 - Out-of-Bounds Write
The `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 through 4.1.7 suffers from a type confusion vulnreability, which can result in an out-of-bounds write operation. A malicious application could create a specially crafted `Toybox.Ant.BurstPayload` object, call its `add` method, override arbitrary memory and hijack the execution of the device's firmware.
CVSS 9.8