Lucene search

GoogleOSV:CVE-2023-43619

HistorySep 20, 2023 - 6:15 a.m.

CVE-2023-43619

2023-09-2006:15:10

Google

osv.dev

cve-2023-43619

croc

sender

file transfer

vulnerability

executable content

.ssh/authorized_keys

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

19.9%

JSON

An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file.

CPENameOperatorVersion
croceq8.5.3
croceq6.0.11
croceq9.6.1
croceq9.2.0
croceq8.3.2
croceq6.4.1
croceq6.4.3
croceq8.6.2
croceq6.2.4
croceq9.6.4

Name	Operator	Version
croc	eq	8.5.3
croc	eq	6.0.11
croc	eq	9.6.1
croc	eq	9.2.0
croc	eq	8.3.2
croc	eq	6.4.1
croc	eq	6.4.3
croc	eq	8.6.2
croc	eq	6.2.4
croc	eq	9.6.4

Rows per page:

1-10 of 1331

References

www.openwall.com/lists/oss-security/2023/09/21/5

github.com/schollz/croc/issues/593

www.openwall.com/lists/oss-security/2023/09/08/2

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

19.9%

JSON

Related for OSV:CVE-2023-43619