CVE-2023-37923

Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the arbitrary write when triggered via the vcd2lxt conversion utility.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1807	Exploit Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1807	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:tonybybell:gtkwave:3.3.115:*:*:*:*:*:*:*

History

21 Nov 2024, 08:12

Type	Values Removed	Values Added
References	~~() https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html -~~	() https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html -
References	~~() https://talosintelligence.com/vulnerability_reports/TALOS-2023-1807 - Exploit, Third Party Advisory~~	() https://talosintelligence.com/vulnerability_reports/TALOS-2023-1807 - Exploit, Third Party Advisory

09 Apr 2024, 21:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html -

11 Jan 2024, 17:59

Type	Values Removed	Values Added
First Time		Tonybybell gtkwave Tonybybell
References	~~() https://talosintelligence.com/vulnerability_reports/TALOS-2023-1807 -~~	() https://talosintelligence.com/vulnerability_reports/TALOS-2023-1807 - Exploit, Third Party Advisory
CPE		cpe:2.3:a:tonybybell:gtkwave:3.3.115:::::::*
CWE		NVD-CWE-Other
Summary		(es) Existen múltiples vulnerabilidades de escritura arbitraria en la funcionalidad VCD sorted bsearch de GTKWave 3.3.115. Un archivo .vcd especialmente manipulado puede provocar la ejecución de código arbitrario. Una víctima necesitaría abrir un archivo malicioso para activar estas vulnerabilidades. Esta vulnerabilidad se refiere a la escritura arbitraria cuando se activa mediante la utilidad de conversión vcd2lxt.

08 Jan 2024, 18:15

Type	Values Removed	Values Added
References	~~{'url': 'https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1807', 'source': 'talos-cna@cisco.com'}~~

08 Jan 2024, 15:27

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-08 15:15

Updated : 2024-11-21 08:12

NVD link : CVE-2023-37923

Mitre link : CVE-2023-37923

CVE.ORG link : CVE-2023-37923

JSON object : View

Products Affected

tonybybell

gtkwave

CWE

CWE-118

Incorrect Access of Indexable Resource ('Range Error')

NVD-CWE-Other

7.8 /10