Lucene search

[email protected]CVE-2023-51939

HistoryFeb 01, 2024 - 7:15 a.m.

CVE-2023-51939

2024-02-0107:15:08

CWE-74

[email protected]

web.nvd.nist.gov

cve-2023-51939

relic

relic-toolkit

sensitive information

escalate privileges

cp_bbs_sig function

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.3%

JSON

An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of Relic relic-toolkit 0.6.0 allows a remote attacker to obtain sensitive information and escalate privileges via the cp_bbs_sig function.

Affected configurations

NVD

Node

relic_projectrelicMatch0.6.0

CPENameOperatorVersion
relic_project:relicrelic project reliceq0.6.0

CPE	Name	Operator	Version
relic_project:relic	relic project relic	eq	0.6.0

References

gist.github.com/liang-junkai/1b59487c0f7002fa5da98035b53e409f

github.com/liang-junkai/Relic-bbs-fault-injection

github.com/relic-toolkit/relic/issues/284

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.3%

JSON

Related for CVE-2023-51939

nvd1 prion1 osv1 cvelist1