CVE-2023-4234

8.1 HIGH

📋 TL;DR

CVE-2023-4234 is a stack overflow vulnerability in ofono's SMS decoding function that allows remote code execution. Attackers can exploit this via SMS messages, compromised modems, or malicious base stations. Linux systems using ofono for telephony services are affected.

💻 Affected Systems

Products:
  • ofono
Versions: All versions before the fix
Operating Systems: Linux distributions using ofono
Default Config Vulnerable: ⚠️ Yes
Notes: Systems with ofono enabled for SMS/telephony services; common in embedded/IoT devices and some Linux distributions

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to full system compromise, privilege escalation, and persistent backdoor installation

🟠 Likely Case: Service disruption, denial of service, or limited code execution within ofono context

🟢 If Mitigated: Contained impact with proper network segmentation and SMS filtering

🌐 Internet-Facing: MEDIUM - Requires SMS access or compromised modem/base station, not directly internet-exposed
🏢 Internal Only: HIGH - Internal SMS infrastructure and telephony systems are directly vulnerable

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending specially crafted SMS messages or compromising modem/base station

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check distribution-specific updates (Fedora, RHEL, etc.)

Vendor Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=2255399

Restart Required: Yes

Instructions:

1. Check your distribution's security advisories
2. Update ofono package via package manager
3. Restart ofono service or reboot system

🔧 Temporary Workarounds

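Disable SMS functionality (linux)

Temporarily disable SMS processing by stopping ofono if it is not required. These commands stop the whole ofono daemon, so every telephony function it provides becomes unavailable, not only SMS.

systemctl stop ofono
systemctl disable ofono

Network segmentation (all)

Isolate telephony systems from critical networks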

🧯 If You Can't Patch

  • Implement SMS filtering/gateway to block malicious SMS messages
  • Isolate affected systems in network segments with strict firewall rules

🔍 How to Verify

Check if Vulnerable:

Check ofono version: ofonod --version or rpm -q ofono

Check Version:

ofonod --version 2>/dev/null || rpm -q ofono 2>/dev/null || dpkg -l | grep ofono

Verify Fix Applied:

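Confirm that the installed package version is the updated one from your distribution's advisory, then restart the ofono service so the patched binary is the one running.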

📡 Detection & Monitoring

Log Indicators:

  • ofono crash logs
  • segmentation faults in system logs
  • unusual SMS processing errors

Network Indicators:

  • Unusual SMS traffic patterns
  • SMS from unexpected sources

SIEM Query:

source="ofono" AND (error OR crash OR segfault)
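The log indicators above, turned into a small matcher (an added example, not part of the original advisory or of ofono). The sample lines are constructed, and the unit name ofono.service and the ofonod log tag are assumptions. It also shows which crash records a plain keyword match on error/crash/segfault would not return: a build with stack protection aborts on a stack overflow instead of segfaulting.

```python
import re

# Constructed sample lines (not from a real host). Line formats follow the Linux
# kernel, systemd and glibc; unit name "ofono.service" and tag "ofonod" are assumed.
SAMPLE_LOG = [
    "Jan 10 09:14:01 gw1 ofonod[812]: oFono daemon started",
    "Jan 10 09:20:44 gw1 kernel: ofonod[812]: segfault at 7ffc00001000 ip 00007f3a1c2b4e10 "
    "sp 00007ffd5e3a1b20 error 4 in libc.so.6[7f3a1c200000+195000]",
    "Jan 10 09:20:44 gw1 systemd[1]: ofono.service: Main process exited, code=dumped, status=11/SEGV",
    "Jan 10 09:31:02 gw1 ofonod[1290]: *** stack smashing detected ***: terminated",
    "Jan 10 09:31:02 gw1 systemd[1]: ofono.service: Main process exited, code=dumped, status=6/ABRT",
    "Jan 10 09:40:00 gw1 sshd[2001]: error: kex_exchange_identification: Connection closed",
]

# One pattern per indicator from the "Log Indicators" list.
INDICATORS = {
    # Kernel report of an invalid memory access inside the daemon.
    "kernel_segfault": re.compile(r"\bofonod\[\d+\]: segfault at [0-9a-f]+ ip [0-9a-f]+"),
    # systemd report that the service died on a fatal signal.
    "service_killed": re.compile(
        r"ofono\.service: Main process exited, code=(?:dumped|killed), status=\d+/(?:SEGV|ABRT|BUS)"),
    # glibc stack-protector abort: the canary caught a stack overwrite.
    "stack_protector": re.compile(r"\bofonod\[\d+\]: \*\*\* stack smashing detected \*\*\*"),
}

# Approximation of the keyword part of the SIEM query above.
KEYWORDS = re.compile(r"error|crash|segfault", re.IGNORECASE)


def find_crash_indicators(lines):
    """Return (line_number, indicator_name) for every ofono crash indicator."""
    return [(n, name)
            for n, line in enumerate(lines, 1)
            for name, pat in INDICATORS.items()
            if pat.search(line)]


def missed_by_keywords(lines):
    """Line numbers of crash indicators that the keyword match would not return."""
    return [n for n, _ in find_crash_indicators(lines)
            if not KEYWORDS.search(lines[n - 1])]


if __name__ == "__main__":
    for n, name in find_crash_indicators(SAMPLE_LOG):
        print(f"line {n}: {name}")
    print("not matched by keyword query:", missed_by_keywords(SAMPLE_LOG))
```

Alerting on the systemd exit status and the stack-protector message alongside the keyword query covers both the segfault and the abort path.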
