CVE-2022-38693

CVSS 9.8 CRITICALEPSS 0.8%CWE-119

In short

FDL1 fails to check the size of incoming data before storing it in memory, allowing an attacker to overflow a buffer and potentially crash the system or execute malicious code.

Technical detail

A missing payload size validation in FDL1 permits an unauthenticated network attacker to trigger a stack or heap buffer overflow by sending oversized data, potentially achieving remote code execution without elevated privileges.

Summary generated and translated by AI from the official description.

In FDL1, there is a possible missing payload size check. This could lead to memory buffer overflow without requiring additional execution privileges.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Unisoc (Shanghai) Technologies Co., Ltd. · SC9863A//T310/T610/T618/T606/T612/T616/T760/T770/T820/S8000/T750/T765

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.nccgroup.com/research-blog/there-s-another-hole-in-your-soc-unisoc-rom-vulnerabilities/