Skip to content

Garmin Forerunner 235 before 8.20 is affected by: Integer...

Critical severity Unreviewed Published May 24, 2022 to the GitHub Advisory Database • Updated Jan 29, 2023

Package

No package listedSuggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check for overflow when allocating the array for the NEWA instruction. This a constrained read/write primitive across the entire MAX32630 address space. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment.

References

Published by the National Vulnerability Database Nov 16, 2020
Published to the GitHub Advisory Database May 24, 2022
Last updated Jan 29, 2023

Severity

Critical

EPSS score

0.153%
(53rd percentile)

Weaknesses

CVE ID

CVE-2020-27484

GHSA ID

GHSA-q449-r33x-v693

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.

Learn more about GitHub language support

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.