VYPR

CIQ API

by Garmin

CVEs (3)

  • CVE-2023-23302May 23, 2023
    risk 0.00cvss epss 0.01

    The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object…

  • CVE-2023-23306May 23, 2023
    risk 0.00cvss epss 0.01

    The `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 through 4.1.7 suffers from a type confusion vulnreability, which can result in an out-of-bounds write operation. A malicious application could create a specially crafted `Toybox.Ant.BurstPayload` object, call…

  • CVE-2023-23299May 23, 2023
    risk 0.00cvss epss 0.01

    The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and…