Vulnerabilities > Garmin > Connect IQ

DATE CVE VULNERABILITY TITLE RISK
2023-05-23 CVE-2023-23298 Integer Overflow or Wraparound vulnerability in Garmin Connect-Iq 2.3.0/4.1.7
The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer.
network
low complexity
garmin CWE-190
critical
9.8
2023-05-23 CVE-2023-23299 Unspecified vulnerability in Garmin Connect-Iq 2.3.0/4.1.7
The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely.
network
low complexity
garmin
7.5
2023-05-23 CVE-2023-23300 Classic Buffer Overflow vulnerability in Garmin Connect-Iq 4.1.7
The `Toybox.Cryptography.Cipher.initialize` API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data.
network
low complexity
garmin CWE-120
critical
9.8
2023-05-23 CVE-2023-23301 Out-of-bounds Read vulnerability in Garmin Connect-Iq 2.3.0/4.1.7
The `news` MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections.
network
low complexity
garmin CWE-125
critical
9.8
2023-05-23 CVE-2023-23302 Classic Buffer Overflow vulnerability in Garmin Connect-Iq 2.3.0/4.1.7
The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes.
network
low complexity
garmin CWE-120
critical
9.8
2023-05-23 CVE-2023-23303 Classic Buffer Overflow vulnerability in Garmin Connect-Iq 4.1.7
The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes.
network
low complexity
garmin CWE-120
critical
9.8
2023-05-23 CVE-2023-23304 Unspecified vulnerability in Garmin Connect-Iq 2.3.0/4.1.7
The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the `Toybox.SensorHistory` module without permission.
network
low complexity
garmin
critical
9.1
2023-05-23 CVE-2023-23305 Classic Buffer Overflow vulnerability in Garmin Connect-Iq 2.3.0/4.1.7
The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources.
network
low complexity
garmin CWE-120
critical
9.8
2023-05-23 CVE-2023-23306 Out-of-bounds Write vulnerability in Garmin Connect-Iq 2.3.0/4.1.7
The `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 through 4.1.7 suffers from a type confusion vulnerability, which can result in an out-of-bounds write operation.
network
low complexity
garmin CWE-787
critical
9.8