CVE-2023-0847
MEDIUMdash7_alliance_protcol < 0.5.0 - Out-of-bounds Write
Title source: llmDescription
The Sub-IoT implementation of the DASH 7 Alliance protocol has a vulnerability that can lead to an out-of-bounds write prior to implementation version 0.5.0. If the protocol has been compiled using default settings, this will only grant the attacker access to allocated but unused memory. However, if it was configured using non-default settings, there is the possibility that exploiting this vulnerability could lead to system crashes and remote code execution.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-047-13
Vendor Advisory vendor-advisory
https://github.com/Sub-IoT/Sub-IoT-Stack/security/advisories/GHSA-ggxh-88wc-c4fg
Scores
CVSS v3
5.3
EPSS
0.0082
EPSS Percentile
52.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-787
Status
published
Products (1)
dash7-alliance/dash7_alliance_protcol
< 0.5.0
Published
Mar 01, 2023
Tracked Since
Feb 18, 2026