Lucene search

[email protected]NVD:CVE-2023-39346

HistoryAug 04, 2023 - 9:15 p.m.

CVE-2023-39346

2023-08-0421:15:11

CWE-434

[email protected]

web.nvd.nist.gov

linuxasmcallgraph

remote code execution

crafted zip file

upload

security patch

filtering rules

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.007

Percentile

80.2%

JSON

LinuxASMCallGraph is software for drawing the call graph of the programming code. Linux ASMCallGraph before commit 20dba06bd1a3cf260612d4f21547c25002121cd5 allows attackers to cause a remote code execution on the server side via uploading a crafted ZIP file due to incorrect filtering rules of uploaded file. The problem has been patched in commit 20dba06bd1a3cf260612d4f21547c25002121cd5. There are no known workarounds.

Affected configurations

Nvd

Node

renjikailinuxasmcallgraphRange<2022-02-08

VendorProductVersionCPE
renjikailinuxasmcallgraph*cpe:2.3:a:renjikai:linuxasmcallgraph:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
renjikai	linuxasmcallgraph	*	cpe:2.3:a:renjikai:linuxasmcallgraph::::::::

References

github.com/bjrjk/LinuxASMCallGraph/commit/20dba06bd1a3cf260612d4f21547c25002121cd5

github.com/bjrjk/LinuxASMCallGraph/issues/6

github.com/bjrjk/LinuxASMCallGraph/issues/8

github.com/bjrjk/LinuxASMCallGraph/security/advisories/GHSA-63c3-r9qm-c2wx

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.007

Percentile

80.2%

JSON

Related for NVD:CVE-2023-39346

prion1 cve1 osv1 cvelist1