Lucene search

CERTVDECVELIST:CVE-2023-3935

HistorySep 13, 2023 - 1:19 p.m.

CVE-2023-3935 Wibu: Buffer Overflow in CodeMeter Runtime

2023-09-1313:19:18

CWE-787

CERTVDE

www.cve.org

cve-2023-3935

wibu

buffer overflow

codemeter runtime

rce

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.8%

JSON

A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "CodeMeter Runtime",
    "vendor": "Wibu",
    "versions": [
      {
        "lessThanOrEqual": "7.60b",
        "status": "affected",
        "version": "0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "CodeMeter Runtime",
    "vendor": "Wibu",
    "versions": [
      {
        "status": "unaffected",
        "version": "7.21g"
      }
    ]
  }
]

References

cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf

cert.vde.com/en/advisories/VDE-2023-030/

cert.vde.com/en/advisories/VDE-2023-031/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.8%

JSON

Related for CVELIST:CVE-2023-3935