CVE-2023-36916

Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the allocation of the `chain_table_lengths` array.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1798	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:tonybybell:gtkwave:3.3.115:*:*:*:*:*:*:*

History

09 Apr 2024, 21:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html -

11 Jan 2024, 20:04

Type	Values Removed	Values Added
CPE		cpe:2.3:a:tonybybell:gtkwave:3.3.115:::::::*
References	~~() https://talosintelligence.com/vulnerability_reports/TALOS-2023-1798 -~~	() https://talosintelligence.com/vulnerability_reports/TALOS-2023-1798 - Exploit, Third Party Advisory
First Time		Tonybybell Tonybybell gtkwave

Information

Published : 2024-01-08 15:15

Updated : 2024-04-09 21:15

NVD link : CVE-2023-36916

Mitre link : CVE-2023-36916

CVE.ORG link : CVE-2023-36916

JSON object : View

Products Affected

tonybybell

gtkwave

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2023-36916", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-01-08T15:15:14.990", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html", "source": "talos-cna@cisco.com"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1798", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}, {"type": "Secondary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the allocation of the `chain_table_lengths` array."}, {"lang": "es", "value": "Existen m\u00faltiples vulnerabilidades de desbordamiento de enteros en la funcionalidad de asignaci\u00f3n FST fstReaderIterBlocks2 chain_table de GTKWave 3.3.115. Un archivo .fst especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Una v\u00edctima necesitar\u00eda abrir un archivo malicioso para activar estas vulnerabilidades. Esta vulnerabilidad se refiere a la asignaci\u00f3n de la matriz `chain_table_lengths`."}], "lastModified": "2024-04-09T21:15:11.227", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tonybybell:gtkwave:3.3.115:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C619471-C2FB-4A2C-894C-2562A6BA76DF"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}