How severe is CVE-2023-36998?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.9 out of 10.

What type of vulnerability is CVE-2023-36998?

This is classified as CWE-121, which is a common weakness in software security.

CVE-2023-36998 - HIGH Severity | CVSS 8.9

Q: What is CVE-2023-36998?

The NextEPC MME <= 1.0.1 (fixed in commit a8492c9c5bc0a66c6999cb5a263545b32a4109df) contains a stack-based buffer overflow vulnerability in the Emergency Number List decoding method. An attacker may send a NAS message containing an oversized Emergency Number List value to the MME to overwrite the stack with arbitrary bytes. An attacker with a cellphone connection to any base station managed by the MME may exploit this vulnerability without having to authenticate with the LTE core.

Vulnerability Description

The NextEPC MME <= 1.0.1 (fixed in commit a8492c9c5bc0a66c6999cb5a263545b32a4109df) contains a stack-based buffer overflow vulnerability in the Emergency Number List decoding method. An attacker may send a NAS message containing an oversized Emergency Number List value to the MME to overwrite the stack with arbitrary bytes. An attacker with a cellphone connection to any base station managed by the MME may exploit this vulnerability without having to authenticate with the LTE core.

Related Vulnerabilities

CVE-2023-6095

HIGH

CVSS:8.9(High)

Vladimir Kononovich, a Security Researcher has found a flaw that allows for a remote code execution on the DVR. An attacker could inject malicious HTTP headers into request packets to execute arbitrar...

CWE-1212023

CVE-2023-6116

HIGH

CVSS:8.9(High)

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the camera. An attacker could inject malicious into http request packets to execute arbitrary code. The ...

CWE-1212023

CVE-2017-13089

HIGH

CVSS:8.8(High)

The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to rea...

CWE-1212017

CVE-2017-2630

HIGH

CVSS:8.8(High)

A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'N...

CWE-1212017

CVE-2017-3193

HIGH

CVSS:8.8(High)

Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service.

CWE-1212017

CVE-2017-6035

HIGH

CVSS:8.8(High)

A Stack-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. This vulnerability causes a buffer overflow, which could result in denial of service when ...

CWE-1212017