JVN#28846531: Multiple vulnerabilities in JustSystems products

2023-10-1900:00:00

Japan Vulnerability Notes

jvn.jp

justsystems

vulnerabilities

patch

ichitaro series

rakuraku hagaki series

just office series

just government series

just police series

abnormal termination

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

73.1%

JSON

Multiple products provided by JustSystems Corporation contain multiple vulnerabilities listed below.

Use after free (CWE-416) - CVE-2023-34366

Version	Vector	Score
CVSS v3	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L	Base Score: 3.3
CVSS v2	AV:L/AC:M/Au:N/C:N/I:N/A:P	Base Score: 1.9

Integer overflow (CWE-190) - CVE-2023-38127

Version	Vector	Score
CVSS v3	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L	Base Score: 3.3
CVSS v2	AV:L/AC:M/Au:N/C:N/I:N/A:P	Base Score: 1.9

Access of resource using incompatible type (Type confusion) (CWE-843) - CVE-2023-38128

Version	Vector	Score
CVSS v3	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L	Base Score: 3.3
CVSS v2	AV:L/AC:M/Au:N/C:N/I:N/A:P	Base Score: 1.9

Improper validation of array index (CWE-129) - CVE-2023-35126

Version	Vector	Score
CVSS v3	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L	Base Score: 3.3
CVSS v2	AV:L/AC:M/Au:N/C:N/I:N/A:P	Base Score: 1.9

Impact

Processing a specially crafted file may lead to the product’s abnormal termination.

Solution

Apply the Patch
Apply the patch according to the information provided by the developer.
For more information, refer to the information provided by the developer.

Products Affected

Ichitaro series
Rakuraku Hagaki series
JUST Office series
JUST Government series
JUST Police series
A wide range of products is affected. For the details, refer to the information provided by the developer.