Lucene search

K
nvd[email protected]NVD:CVE-2023-28653
HistoryJun 06, 2023 - 5:15 p.m.

CVE-2023-28653

2023-06-0617:15:13
CWE-416
web.nvd.nist.gov
3
affected application
validation
user-supplied data
parsing
project files
use-after-free
vulnerability
arbitrary code
current process

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

21.9%

The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a use-after-free vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.

Affected configurations

Nvd
Node
hornerautomationcscapeMatch9.90sp8
OR
hornerautomationcscape_envisionrvMatch4.70

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

21.9%

Related for NVD:CVE-2023-28653