Lucene search

[email protected]CVE-2023-3433

HistoryJul 14, 2023 - 1:15 p.m.

CVE-2023-3433

2023-07-1413:15:09

CWE-20

[email protected]

web.nvd.nist.gov

cve-2023-3433

savoir-faire linux

jami application

nickname field

local denial of service

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The “nickname” field within Savoir-faire Linux’s Jami application is susceptible to a failed state when a user inserts special characters into the field. When present, these special characters, make it so the application cannot create the signature for the user and results in a local denial of service to the application.

Affected configurations

NVD

Node

savoirfairelinuxjamiMatch20222284

CPENameOperatorVersion
savoirfairelinux:jamisavoirfairelinux jamieq20222284

CPE	Name	Operator	Version
savoirfairelinux:jami	savoirfairelinux jami	eq	20222284

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Jami",
    "vendor": "Savoir-faire Linux",
    "versions": [
      {
        "status": "affected",
        "version": "20222284"
      }
    ]
  }
]

References

blog.blacklanternsecurity.com/p/Jami-Local-Denial-Of-Service-and-QRC-Handler-Vulnerabilities

git.jami.net/savoirfairelinux/jami-client-qt/-/wikis/Changelog#nightly-january-10

review.jami.net/c/jami-daemon/+/23575

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-3433

nvd1 prion1 cvelist1