Lucene search

[email protected]CVE-2023-33551

HistoryJun 01, 2023 - 3:15 p.m.

CVE-2023-33551

2023-06-0115:15:09

CWE-787

[email protected]

web.nvd.nist.gov

cve-2023-33551

heap buffer overflow

erofsfsck_dirent_iter

remote attack

arbitrary code execution

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

69.2%

JSON

Heap Buffer Overflow in the erofsfsck_dirent_iter function in fsck/main.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image.

Affected configurations

NVD

Node

erofs-utils_projecterofs-utilsMatch1.6

CPENameOperatorVersion
erofs-utils_project:erofs-utilserofs-utils project erofs-utilseq1.6

CPE	Name	Operator	Version
erofs-utils_project:erofs-utils	erofs-utils project erofs-utils	eq	1.6

References

github.com/lometsj/blog_repo/issues/2

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHOIRL6XH5NYR3LYI3KP5DE4SDSQWR7W/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGGIYW7PHYQM2NPYCJPSPSLULLD2P2PE/

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

69.2%

JSON

Related for CVE-2023-33551

prion1 cvelist1 nvd1 ubuntucve1 debiancve1 veracode1 osv1 nessus2 fedora2 openvas3 mageia1