CVE-2023-0847

CVSS 5.3 · Medium EPSS 2.27% · P85 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-0847

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The Sub-IoT implementation of the DASH 7 Alliance protocol has a vulnerability that can lead to an out-of-bounds write prior to implementation version 0.5.0. If the protocol has been compiled using default settings, this will only grant the attacker access to allocated but unused memory. However, if it was configured using non-default settings, there is the possibility that exploiting this vulnerability could lead to system crashes and remote code execution.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

跨界内存写

Source: NVD (National Vulnerability Database)

Vulnerability Title

Sub-IoT 缓冲区错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Sub-IoT是Sub-IoT的Dash7 联盟协议的开源堆栈。 Sub-IoT DASH 7 Alliance protocol implementation 0.5.0 之前版本存在缓冲区错误漏洞，该漏洞源于Sub-IoT 存在一个安全问题，可导致越界写入，如果协议是使用默认设置编译的，这将只允许攻击者访问已分配但未使用的内存，但是，如果使用非默认设置进行配置，攻击者利用该漏洞可以可能会导致系统崩溃和远程代码执行。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Sub-IoT	DASH 7 Alliance Protocol stack implementation	0 ~ 0.5.0	-

II. Public POCs for CVE-2023-0847

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-0847

请登录查看更多情报信息。

https://www.cisa.gov/news-events/ics-advisories/icsa-23-047-13government-resource
https://github.com/Sub-IoT/Sub-IoT-Stack/security/advisories/GHSA-ggxh-88wc-c4fgvendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2023-0847

IV. Related Vulnerabilities

Same weakness: CWE-787

V. Comments for CVE-2023-0847

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-0847

I. Basic Information for CVE-2023-0847

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-0847

III. Intelligence Information for CVE-2023-0847

IV. Related Vulnerabilities

V. Comments for CVE-2023-0847

Leave a comment