Lucene search
HistoryJun 16, 2023 - 4:15 p.m.
CVE-2023-34795
vulnerability
xlsxio
dos
cve-2023-34795
uninitialized pointer
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
24.0%
xlsxio v0.1.2 to v0.2.34 was discovered to contain a free of uninitialized pointer in the xlsxioread_sheetlist_close() function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted XLSX file.
Affected configurations
Node
xlsxio_projectxlsxioRange0.1.2–0.2.34
| Vendor | Product | Version | CPE |
|---|---|---|---|
| xlsxio_project | xlsxio | * | cpe:2.3:a:xlsxio_project:xlsxio:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2023-34795
2023-06-16 00:00:00
osv
osv
CVE-2023-34795
2023-06-16 16:15:09
cve
cve
CVE-2023-34795
2023-06-16 16:15:09
prion
prion
Authentication flaw
2023-06-16 16:15:00
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
24.0%
Related for NVD:CVE-2023-34795