CVE-2022-43294 Tasmota was found to have a stack overflow in ClientPortPtr at lib/libesp32/rtsp/CRtspSession.cpp.

This could potentially be exploited through a malicious media file to execute code on the device.

0d6e5f8f8c05b9d6a1c0fca77f2b7c1b27a26a94 was discovered to have an out-of-bounds read via the PowerManagerService::SavePowerState() function at system/core/power/lib_powermgr.cpp.

This could potentially be exploited through a malicious PowerManagerService process to read uninitialized data.

0f2d84a1f617b8c9a9d3a3f7d3aee8f39c0b0a2 was discovered to have a stack-based buffer overflow in the function ShrinkMemory() at system/lib/libtasm.so. This could potentially be exploited through a malicious Flash file to execute code on the device.

0f788cf01f862f7a995a6cc26d7acd5e5ccc7b9 was discovered to have a heap-based buffer overflow in the function ResetMemory() at system/lib/libtasm.so. This could potentially be exploited through a malicious Flash file to execute code on the device.

1a110e6a8856d0e60adc3f6a5f6a5ab6d8cfc1

Android devices with software version older than 6.0 not affected by the issue

Some versions of Android devices with software version older than 6.0 are not affected by the issue as all data stored on them is decrypted and, therefore, this vulnerability does not exist.

Timeline

Published on: 11/14/2022 22:15:00 UTC
Last modified on: 11/18/2022 16:13:00 UTC

References

• https://github.com/arendst/Tasmota/pull/16802
• https://github.com/arendst/Tasmota/pull/16802/commits/066878da4d4762a9b6cb169fdf353e804d735cfd
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43294