关键漏洞信息 Issue Summary: Title: Heap buffer overflow in NrmmMsgCodec when decoding Emergency number list Description: - There is a heap buffer overflow in Shannon baseband within the 5G MM protocol implementation. - The issue occurs in the when handling the "Emergency number list" message. - The overflow can be triggered by embedding 9 short numbers and one large number in the "Emergency number list" message. Technical Details: Vulnerability Type: Heap buffer overflow Location: Shannon baseband ( ) Condition: Occurs during the decoding of "Emergency number list" message (IEI = 0x34). Memory Allocation: Allocates a heap buffer for 10 emergency numbers, with each number having a maximum of 22 bytes (total 221 bytes). Overflow Trigger: Message can declare a number up to 255 bytes, each byte decoded as 2 bytes in output buffer (up to 510 bytes). Provided POC: Additional Information: CVE ID: CVE-2023-26072 Severity: S1 Priority: P2 Status: Fixed Fixed Date: Mar 7, 2023 Disclosure Deadline: 2023-03-15 Deadline Exceeded: Yes Methodology: Binary review Product: Shannon