Integer Overflow in eatt_l2cap_reconfig_completed: Remote Code Execution without User Interaction

Integer Overflow in eatt_l2cap_reconfig_completed: Remote Code Execution without User Interaction

CVE-2023-35681 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Learn more about our User Device Pen Test.