How severe is CVE-2023-51455?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2023-51455?

This is classified as CWE-129, which is a common weakness in software security.

CVE-2023-51455 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

A Improper Validation of Array Index issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to corrupt a controlled memory location due to a missing input validation in the on_receive_session_packet_ack function implemented in the libv2_sdk.so library used by the dji_vtwo_sdk binary implementing the service, potentially leading to a memory information leak or to an arbitrary code execution. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620.

Related Vulnerabilities

CVE-2020-11308

MEDIUM

CVSS:6.8(Medium)

Buffer overflow occurs when trying to convert ASCII string to Unicode string if the actual size is more than required in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consum...

CWE-1292020

CVE-2022-33289

MEDIUM

CVSS:6.8(Medium)

Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.

CWE-1292022

CVE-2021-30325

MEDIUM

CVSS:6.7(Medium)

Possible out of bound access of DCI resources due to lack of validation process and resource allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snap...

CWE-1292021

CVE-2021-35121

MEDIUM

CVSS:6.7(Medium)

An array index is improperly used to lock and unlock a mutex which can lead to a Use After Free condition In the Synx driver in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, ...

CWE-1292021

CVE-2022-31603

MEDIUM

CVSS:6.7(Medium)

NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause ...

CWE-1292022

CVE-2023-20633

MEDIUM

CVSS:6.7(Medium)

In usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed ...

CWE-1292023