9.8
CVE-2023-52389
- EPSS 0.14%
- Published 27.01.2024 03:15:07
- Last modified 29.05.2025 16:15:30
- Source cve@mitre.org
UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0.
Data provided by the National Vulnerability Database (NVD)
Pocoproject ≫ Poco Version < 1.11.8
Pocoproject ≫ Poco Version >= 1.12.0 < 1.12.5
Pocoproject ≫ Poco Version 1.11.8 Update -
Pocoproject ≫ Poco Version 1.11.8 Update p1
Pocoproject ≫ Poco Version 1.12.5 Update -
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.351 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-190 Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.