CVE-2023-40250

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Hancom HCell on Windows allows Overflow Buffers.This issue affects HCell: 12.0.0.893.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.hancom.com/cs_center/csDownload.do?gnb0=25gnb1=80	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:hancom:hcell:12.0.0.893:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

18 Jan 2024, 20:24

Type	Values Removed	Values Added
First Time		Microsoft windows Hancom Hancom hcell Microsoft
CPE		cpe:2.3:a:hancom:hcell:12.0.0.893:::::::* cpe:2.3:o:microsoft:windows:-:::::::*
References	~~() https://www.hancom.com/cs_center/csDownload.do?gnb0=25gnb1=80 -~~	() https://www.hancom.com/cs_center/csDownload.do?gnb0=25gnb1=80 - Product

12 Jan 2024, 13:47

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de copia de búfer sin verificar el tamaño de la entrada ('desbordamiento de búfer clásico') en Hancom HCell en Windows permite desbordamiento de búferes. Este problema afecta a HCell: 12.0.0.893.

12 Jan 2024, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-12 02:15

Updated : 2024-01-18 20:24

NVD link : CVE-2023-40250

Mitre link : CVE-2023-40250

CVE.ORG link : CVE-2023-40250

JSON object : View

Products Affected

hancom

hcell

microsoft

windows

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

{"id": "CVE-2023-40250", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "vuln@krcert.or.kr", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-01-12T02:15:44.380", "references": [{"url": "https://www.hancom.com/cs_center/csDownload.do?gnb0=25gnb1=80", "tags": ["Product"], "source": "vuln@krcert.or.kr"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-120"}]}, {"type": "Secondary", "source": "vuln@krcert.or.kr", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Hancom HCell on Windows allows Overflow Buffers.This issue affects HCell: 12.0.0.893.\n\n"}, {"lang": "es", "value": "La vulnerabilidad de copia de b\u00fafer sin verificar el tama\u00f1o de la entrada ('desbordamiento de b\u00fafer cl\u00e1sico') en Hancom HCell en Windows permite desbordamiento de b\u00faferes. Este problema afecta a HCell: 12.0.0.893."}], "lastModified": "2024-01-18T20:24:35.633", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hancom:hcell:12.0.0.893:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0603140-5FD3-4991-8F6A-374C4CD44945"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "vuln@krcert.or.kr"}