Lucene search

GitHub_MCVELIST:CVE-2023-39346

HistoryAug 04, 2023 - 8:33 p.m.

CVE-2023-39346 bjrjk/LinuxASMCallGraph before commit 20dba06 allows attackers to cause a RCE on the server side via uploading a crafted ZIP file due to incorrect filtering rules of uploaded file

2023-08-0420:33:27

CWE-434

GitHub_M

www.cve.org

cve-2023-39346

remote code execution

linuxasmcallgraph

incorrect filtering rules

patched

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.007

Percentile

80.2%

JSON

LinuxASMCallGraph is software for drawing the call graph of the programming code. Linux ASMCallGraph before commit 20dba06bd1a3cf260612d4f21547c25002121cd5 allows attackers to cause a remote code execution on the server side via uploading a crafted ZIP file due to incorrect filtering rules of uploaded file. The problem has been patched in commit 20dba06bd1a3cf260612d4f21547c25002121cd5. There are no known workarounds.

CNA Affected

[
  {
    "vendor": "bjrjk",
    "product": "LinuxASMCallGraph",
    "versions": [
      {
        "version": "< 20dba06bd1a3cf260612d4f21547c25002121cd5",
        "status": "affected"
      }
    ]
  }
]

References

github.com/bjrjk/LinuxASMCallGraph/commit/20dba06bd1a3cf260612d4f21547c25002121cd5

github.com/bjrjk/LinuxASMCallGraph/issues/6

github.com/bjrjk/LinuxASMCallGraph/issues/8

github.com/bjrjk/LinuxASMCallGraph/security/advisories/GHSA-63c3-r9qm-c2wx

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.007

Percentile

80.2%

JSON

Related for CVELIST:CVE-2023-39346