CVE-2023-29468: Buffer Overflow
The Texas Instruments (TI) WiLink WL18xx MCP driver does not limit the number of information elements (IEs) of type XCC_EXT_1_IE_ID or XCC_EXT_2_IE_ID that can be parsed in a management frame. Using a specially crafted frame, a buffer overflow can be triggered that can potentially lead to remote code execution. This affects WILINK8-WIFI-MCP8 version 8.5_SP3 and earlier.
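The missing bound described above, shown as an added C example (not TI's driver code): a parser that walks the ID/length/value elements of a management frame body and rejects the frame once its fixed table for XCC IEs is full. The numeric IE IDs, MAX_XCC_IES, collect_xcc_ies and the sample frame are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Placeholder IDs: the advisory names the IE types but not their values. */
#define XCC_EXT_1_IE_ID 0xF0 /* constructed value */
#define XCC_EXT_2_IE_ID 0xF1 /* constructed value */
#define MAX_XCC_IES 4        /* hypothetical capacity of the fixed table */

struct xcc_ie_table {
    const uint8_t *ie[MAX_XCC_IES]; /* each entry points at an IE header */
    size_t count;
};

/* Walk the ID/length/value elements of a management frame body.
 * Returns 0 on success, -1 on a truncated element, and -2 when the
 * frame carries more XCC IEs than the table can hold. */
int collect_xcc_ies(const uint8_t *buf, size_t len, struct xcc_ie_table *out)
{
    size_t off = 0;
    out->count = 0;
    while (off < len) {
        if (len - off < 2)
            return -1;                 /* no room for ID + length bytes */
        uint8_t id = buf[off];
        uint8_t ie_len = buf[off + 1];
        if ((size_t)ie_len > len - off - 2)
            return -1;                 /* value runs past end of frame */
        if (id == XCC_EXT_1_IE_ID || id == XCC_EXT_2_IE_ID) {
            if (out->count >= MAX_XCC_IES)
                return -2;             /* the limit the advisory says is absent */
            out->ie[out->count++] = &buf[off];
        }
        off += 2 + (size_t)ie_len;
    }
    return 0;
}

/* Constructed sample: an SSID IE followed by five XCC-type IEs. */
static const uint8_t sample_frame[] = {
    0x00, 0x03, 'l', 'a', 'b',
    0xF0, 0x01, 0xAA, 0xF1, 0x01, 0xBB, 0xF0, 0x01, 0xCC,
    0xF1, 0x01, 0xDD, 0xF0, 0x01, 0xEE,
};

int main(void)
{
    struct xcc_ie_table t;
    return collect_xcc_ies(sample_frame, sizeof sample_frame, &t) == -2 ? 0 : 1;
}
```

The count check runs before the write into the table, so a frame with one IE too many is dropped without touching memory past the last slot.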
Frequently Asked Questions
What is CVE-2023-29468?
CVE-2023-29468 is a vulnerability in the Texas Instruments (TI) WiLink WL18xx MCP driver that allows a buffer overflow to be triggered through specially crafted frames, potentially leading to remote code execution.
How does CVE-2023-29468 impact Texas Instruments (TI) WiLink WL18xx MCP driver?
CVE-2023-29468 allows an attacker to trigger a buffer overflow in the driver through specially crafted frames, which can potentially result in remote code execution.
What is the severity of CVE-2023-29468?
CVE-2023-29468 has a severity rating of 9.8 out of 10, indicating it is a critical vulnerability.
Which versions of Texas Instruments (TI) WiLink WL18xx MCP driver are affected by CVE-2023-29468?
Versions 8.5 and 8.5-sp3 of the Texas Instruments (TI) WiLink WL18xx MCP driver are affected by CVE-2023-29468.
How can CVE-2023-29468 be mitigated or fixed?
To mitigate CVE-2023-29468, it is recommended to apply the latest security updates provided by Texas Instruments. Additionally, users should follow best practices for network security and limit network access to trusted devices only.