CRITICAL🇬🇧 English

CVE-2020-27484

CVSS 9.9v3.1pub. 2020-11-16upd. 2024-11-21

Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check for overflow when allocating the array for the NEWA instruction. This a constrained read/write primitive across the entire MAX32630 address space. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Garmin Forerunner 235

    HW
    Garmin
    wszystkie wersje
  • Garmin Forerunner 235 Firmware

    OS
    Garmin
    7.90 – 8.20 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2020-27483CRITICAL9.9ten sam produkt

Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The atta...

CVE-2020-27485CRITICAL9.9ten sam produkt

Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The atta...

CVE-2020-27486CRITICAL9.9ten sam produkt

Garmin Forerunner 235 before 8.20 is affected by: Buffer Overflow. The component is: ConnectIQ TVM. The attack...

CVE-2025-27851CRITICAL9.3PL ✓ten sam vendor

WebSocket Hijacking w Garmin WDU — przejęcie kontroli przez sieć

CVE-2023-23298CRITICAL9.8ten sam vendor

The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 through 4.1.7 does not val...

CVE-2020-27484 — CRITICAL 9.9 | CVEbaza.pl