{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-20796", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "state": "PUBLISHED", "assignerShortName": "MediaTek", "dateReserved": "2022-10-28T02:03:10.781Z", "datePublished": "2023-08-07T03:21:29.719Z", "dateUpdated": "2024-10-17T14:33:14.157Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", "dateUpdated": "2023-08-07T03:21:29.719Z"}, "descriptions": [{"lang": "en", "value": "In power, there is a possible memory corruption due to an incorrect bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929790; Issue ID: ALPS07929790."}], "affected": [{"vendor": "MediaTek, Inc.", "product": "MT2735, MT2737, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6880, MT6886, MT6890, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8168, MT8321, MT8768, MT8781, MT8786", "versions": [{"version": "Android 12.0, 13.0 / OpenWrt 19.07, 21.02 / RDK-B 22Q3 / Yocto 2.6, 3.3", "status": "affected"}]}], "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Denial of Service"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T09:14:40.983Z"}, "title": "CVE Program Container", "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/August-2023", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-17T14:32:20.334039Z", "id": "CVE-2023-20796", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-17T14:33:14.157Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/August-2023", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T09:14:40.983Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-20796", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-17T14:32:20.334039Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-17T14:33:08.413Z"}}], "cna": {"affected": [{"vendor": "MediaTek, Inc.", "product": "MT2735, MT2737, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6880, MT6886, MT6890, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8168, MT8321, MT8768, MT8781, MT8786", "versions": [{"status": "affected", "version": "Android 12.0, 13.0 / OpenWrt 19.07, 21.02 / RDK-B 22Q3 / Yocto 2.6, 3.3"}]}], "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"}], "descriptions": [{"lang": "en", "value": "In power, there is a possible memory corruption due to an incorrect bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929790; Issue ID: ALPS07929790."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Denial of Service"}]}], "providerMetadata": {"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", "dateUpdated": "2023-08-07T03:21:29.719Z"}}}, "cveMetadata": {"cveId": "CVE-2023-20796", "state": "PUBLISHED", "dateUpdated": "2024-10-17T14:33:14.157Z", "dateReserved": "2022-10-28T02:03:10.781Z", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "datePublished": "2023-08-07T03:21:29.719Z", "assignerShortName": "MediaTek"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:yocto:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "397C75CA-D217-4617-B8B1-80F74CFB04CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "2385F2C9-3EA1-424B-AB8D-A672BF1CBE56", "vulnerable": true}, {"criteria": "cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*", "matchCriteriaId": "A1488152-CC93-40DF-8D1F-BF33DC8444FF", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469", "vulnerable": true}, {"criteria": "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", "matchCriteriaId": "4FA469E2-9E63-4C9A-8EBA-10C8C870063A", "vulnerable": true}, {"criteria": "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", "matchCriteriaId": "F0133207-2EED-4625-854F-8DB7770D5BF7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", "matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt2737:-:*:*:*:*:*:*:*", "matchCriteriaId": "9C2A1118-B5F7-4EF5-B329-0887B5F3430E", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", "matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", "matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", "matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In power, there is a possible memory corruption due to an incorrect bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929790; Issue ID: ALPS07929790."}], "id": "CVE-2023-20796", "lastModified": "2024-11-21T07:41:32.533", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-07T04:15:13.457", "references": [{"source": "security@mediatek.com", "tags": ["Vendor Advisory"], "url": "https://corp.mediatek.com/product-security-bulletin/August-2023"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://corp.mediatek.com/product-security-bulletin/August-2023"}], "sourceIdentifier": "security@mediatek.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}