7.8
CVE-2023-36746
- EPSS 0.37%
- Veröffentlicht 08.01.2024 15:15:13
- Zuletzt bearbeitet 04.11.2025 19:15:46
- Quelle talos-cna@cisco.com
- CVE-Watchlists
- Unerledigt
LoginMultiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the handling of `len` in `fstWritex` when parsing the time table.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tonybybell ≫ Gtkwave Version3.3.115
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.37% | 0.288 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| talos-cna@cisco.com | 7 | 1 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1793
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1793