CVE-2024-23963
Published: 31 January 2025
Description
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists within the PBAP_DecodeVCARD function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.
Security Summary
CVE-2024-23963 is a stack-based buffer overflow in Alpine Halo9 devices. The flaw lies in the PBAP_DecodeVCARD function, which decodes vCard data received over the Bluetooth Phone Book Access Profile (PBAP) and copies user-supplied data into a fixed-size stack buffer without first validating its length. The record classifies the flaw under CWE-94 (code injection), although the mechanism it describes is a stack-based buffer overflow (CWE-121); either way, the outcome is arbitrary code execution by a network-adjacent attacker.
The attacker must first be able to pair a malicious Bluetooth device with the target system; that pairing is the user interaction (UI:R) the CVSS vector accounts for, and it requires no privileges on the device (PR:N). Once paired, the malicious device supplies phone-book entries (vCards) that the head unit decodes with PBAP_DecodeVCARD, and an over-long field triggers the overflow and executes code in the context of root, with high confidentiality, integrity and availability impact (C:H/I:H/A:H). The attack vector is Adjacent (AV:A) because the attacker must be within Bluetooth range. The CVSS v3.1 base score is 8.0 (AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
Details on mitigation and patches are available in the Zero Day Initiative advisory at https://www.zerodayinitiative.com/advisories/ZDI-24-850/.
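The pattern the advisory describes, a vCard field copied into a fixed stack array with a length taken from the peer's data, is shown below beside its hardened form. This is an added illustrative example, not Alpine's PBAP_DecodeVCARD or any code from the ZDI advisory; the field name (FN), buffer size (FN_MAX), function names and the sample vCard are all assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical buffer size: not an Alpine constant. */
#define FN_MAX 64

/* Constructed sample vCard, as a head unit might pull it from a paired phone over PBAP. */
static const char SAMPLE_VCARD[] =
    "BEGIN:VCARD\r\n"
    "VERSION:2.1\r\n"
    "FN:Alice Example\r\n"
    "TEL;CELL:+15551234567\r\n"
    "END:VCARD\r\n";

/* Locate the value of the FN property; returns NULL if absent.
   *len receives the value length up to the line terminator. */
static const char *find_fn(const char *vcard, size_t *len) {
    const char *line = vcard;
    while (line && *line) {
        if (strncmp(line, "FN:", 3) == 0) {
            const char *v = line + 3;
            *len = strcspn(v, "\r\n");
            return v;
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return NULL;
}

/* VULNERABLE pattern (the class of bug described in the advisory): the copy
   length comes from the peer's data, the destination is a fixed stack array,
   and nothing compares the two. Returns the copied length, or -1 if FN is
   missing. An FN of FN_MAX bytes or more writes past the end of fn[], so this
   must only ever be called with trusted input. */
static int decode_fn_vulnerable(const char *vcard, char *out, size_t out_sz) {
    char fn[FN_MAX];
    size_t n;
    const char *v = find_fn(vcard, &n);
    if (!v) return -1;
    memcpy(fn, v, n);      /* n is never checked against sizeof fn */
    fn[n] = '\0';
    snprintf(out, out_sz, "%s", fn);
    return (int)n;
}

/* HARDENED form: compare the attacker-controlled length with the buffer
   before copying and fail closed. Returns the copied length, or -1 if FN is
   missing or does not fit (the terminator needs one byte, hence >=). */
static int decode_fn_hardened(const char *vcard, char *out, size_t out_sz) {
    char fn[FN_MAX];
    size_t n;
    const char *v = find_fn(vcard, &n);
    if (!v) return -1;
    if (n >= sizeof fn) return -1;   /* reject over-long field */
    memcpy(fn, v, n);
    fn[n] = '\0';
    snprintf(out, out_sz, "%s", fn);
    return (int)n;
}

/* Build a vCard whose FN is fn_len 'A' bytes, to exercise the length check. */
static void build_long_fn_vcard(char *buf, size_t buf_sz, size_t fn_len) {
    size_t i, pos = 0;
    pos += (size_t)snprintf(buf, buf_sz, "BEGIN:VCARD\r\nFN:");
    for (i = 0; i < fn_len && pos + 1 < buf_sz; i++) buf[pos++] = 'A';
    buf[pos] = '\0';
    snprintf(buf + pos, buf_sz - pos, "\r\nEND:VCARD\r\n");
}

int main(void) {
    char name[FN_MAX];
    char big[512];
    int n = decode_fn_vulnerable(SAMPLE_VCARD, name, sizeof name);
    printf("vulnerable decoder, benign FN: %d bytes (%s)\n", n, name);
    build_long_fn_vcard(big, sizeof big, 200);
    printf("hardened decoder, 200-byte FN: %d (rejected)\n",
           decode_fn_hardened(big, name, sizeof name));
    /* decode_fn_vulnerable(big, ...) would overrun fn[] by 137 bytes
       (136 from memcpy plus the terminator) and corrupt the stack frame. */
    return 0;
}
```

The only difference between the two decoders is the single comparison of n against sizeof fn before the memcpy; that missing comparison is exactly what the advisory text calls "the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer". Rejecting rather than truncating is deliberate: a vCard whose fields exceed the parser's limits is malformed from the parser's point of view, and silently truncating can leave later parsing stages with inconsistent data.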
Details
- CWE(s)