History: Aug 29, 2024 - 11:15 a.m.

CVE-2024-43700

2024-08-29 11:15:26
CWE-121
CWE-787
jpcert
web.nvd.nist.gov
xfpt buffer overflow file processing code execution

CVSS3: 7.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 7.8
Confidence: High

EPSS: 0.001
Percentile: 20.4%

xfpt versions prior to 1.01 fail to appropriately handle some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is tricked into processing a specially crafted file, arbitrary code may be executed in the user’s environment.

Affected configurations

Node: philiphazel xfpt, Range: <1.01

Vendor: philiphazel
Product: xfpt
Version: *
CPE: cpe:2.3:a:philiphazel:xfpt:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Philip Hazel",
    "product": "xfpt",
    "versions": [
      {
        "version": "prior to 1.01",
        "status": "affected"
      }
    ]
  }
]
