Back

Stack-Based Buffer Overflow In Message Parser Functionality

Publication date: May 15th, 2024

CVE ID:

CVE-2023-6322

CVSS scrore:

7.2 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected vendors:

Roku, Wyze

Affected products:

Indoor Camera SE, Cam v3

Vulnerability details:

A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger this vulnerability.

Credit:

Alexandru Lazăr & Radu Basaraba, Bitdefender Labs