Lucene search

GoogleOSV:CVE-2023-51939

HistoryFeb 01, 2024 - 7:15 a.m.

CVE-2023-51939

2024-02-0107:15:08

Google

osv.dev

cp_bbs_sig

information leakage

privilege escalation

relic-toolkit 0.6.0

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.3%

JSON

An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of Relic relic-toolkit 0.6.0 allows a remote attacker to obtain sensitive information and escalate privileges via the cp_bbs_sig function.

CPENameOperatorVersion
reliceqrelic-toolkit-0.4.0
reliceq0.6.0
reliceqrelic-toolkit-0.5.0

Name	Operator	Version
relic	eq	relic-toolkit-0.4.0
relic	eq	0.6.0
relic	eq	relic-toolkit-0.5.0

References

gist.github.com/liang-junkai/1b59487c0f7002fa5da98035b53e409f

github.com/liang-junkai/Relic-bbs-fault-injection

github.com/relic-toolkit/relic/issues/284

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.3%

JSON

Related for OSV:CVE-2023-51939