CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
75.3%
The version of Artifex Ghostscript installed on the remote Windows host is prior to 10.01.1. It is, therefore, affected by a buffer overflow that can lead to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(177205);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/27");
script_cve_id("CVE-2023-28879");
script_xref(name:"IAVB", value:"2023-B-0023-S");
script_name(english:"Artifex Ghostscript < 10.01.1 Buffer Overflow");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a library that is affected by a buffer overflow flaw.");
script_set_attribute(attribute:"description", value:
"The version of Artifex Ghostscript installed on the remote Windows host is prior to 10.01.1. It is, therefore, affected
by a buffer overflow that can lead to potential corruption of data internal to the PostScript interpreter, in
base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte
less than full, and one then tries to write an escaped character, two bytes are written.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugs.ghostscript.com/show_bug.cgi?id=706494");
script_set_attribute(attribute:"solution", value:
"Upgrade to Artifex Ghostscript 10.01.1 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-28879");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/03/31");
script_set_attribute(attribute:"patch_publication_date", value:"2023/03/31");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/06/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:artifex:ghostscript");
script_set_attribute(attribute:"cpe", value:"cpe:/a:artifex:gpl_ghostscript");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ghostscript_detect.nbin");
script_require_keys("installed_sw/Ghostscript");
exit(0);
}
include('vcf.inc');
var app = 'Ghostscript';
var constraints = [{'fixed_version' : '10.01.1'}];
var app_info = vcf::get_app_info(app:app, win_local:TRUE);
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);