{"vulnerability": "CVE-2023-26076", "sightings": [{"uuid": "bdcd3d3b-f4cd-4274-b18c-49f3e5bdf1c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26076", "type": "seen", "source": "https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html", "content": "", "creation_timestamp": "2023-03-16T18:07:00.000000Z"}, {"uuid": "abbfa976-0710-4331-8c52-bd7a791c9c6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26076", "type": "published-proof-of-concept", "source": "Telegram/1BTDp_msRSVS1ZU79Xfuh9vg1NXx4coPKTqsslbGhQHdgWY", "content": "", "creation_timestamp": "2023-03-23T18:46:31.000000Z"}, {"uuid": "8c25ab78-0a8e-4282-ad66-07fbfff462e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26076", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/2794", "content": "\ud83d\udca5Shannon Baseband: Intra-object overflow in NrSmPcoCodec when decoding reserved options(CVE-2023-26076).\nThere is an intra-object overflow in Shannon Baseband, inside the 5G SM protocol implementation (NrSmMsgCodec as it\u2019s called in Shannon according to debug strings), when decoding the \u201cExtended protocol configuration options\u201d message (IEI = 0x7B).\n\nThe problem is that the size of the content isn\u2019t checked before copying it. As the length of content can be up to 255 bytes, copying the content to one of the 6 reservedPco buffers can result in an OOB write.\nThe array that holds the \u201cReserved\u201d option data isn\u2019t in a standalone allocation, rather this array is a part of a larger structure. Thus, an OOB write as described above overwrites other data within the same structure. It is currently unclear what kind of data lies after the 6 reservedPco buffers within reach of the overwrite.\n\n\ud83d\udd16An \u201cExtended protocol configuration options\u201d message that triggers the overflow is provided in epco-reserved-poc.dat.", "creation_timestamp": "2023-03-20T14:22:52.000000Z"}, {"uuid": "83bbb424-c238-4c1f-87d9-eada36a5ae41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26076", "type": "seen", "source": "https://t.me/cibsecurity/59905", "content": "\u203c CVE-2023-26076 \u203c\n\nAn issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. An intra-object overflow in the 5G SM message codec can occur due to insufficient parameter validation when decoding reserved options.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-13T17:23:33.000000Z"}]}