9.1
CVE-2023-46586
- EPSS 0.63%
- Veröffentlicht 09.10.2024 06:15:13
- Zuletzt bearbeitet 15.04.2026 00:35:42
- CVE-Watchlists
- Unerledigt
cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 (before 1.0) lacks '\0' termination of the path for CGI scripts because strncpy is misused.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellerweborf_project
≫
Produkt
weborf
Default Statusunknown
Version
0
Version <
1.0
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.63% | 0.459 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
https://github.com/ltworf/weborf/commit/49824204add55aab0568d90a6b1e7c822d32120d
https://github.com/ltworf/weborf/commit/6f83c3e9ceed8b0d93608fd5d42b53c081057991
https://github.com/ltworf/weborf/pull/88
https://github.com/ltworf/weborf/pull/88/commits/7057d254b734dfc9cfb58983f901aa6ec3c94fd4