Lucene search

Ubuntu.comUB:CVE-2023-23108

HistoryFeb 27, 2023 - 12:00 a.m.

CVE-2023-23108

2023-02-2700:00:00

ubuntu.com

cve-2023-23108

crasm 1.8-3

input validation

null pointer dereference

xasc

unix

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

38.4%

JSON

In crasm 1.8-3, invalid input validation, specific files passed to the
command line application, can lead to a NULL pointer dereference in the
function Xasc.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchcrasm< anyUNKNOWN
ubuntu20.04noarchcrasm< anyUNKNOWN
ubuntu22.04noarchcrasm< anyUNKNOWN
ubuntu24.04noarchcrasm< anyUNKNOWN
ubuntu16.04noarchcrasm< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	crasm	< any	UNKNOWN
ubuntu	20.04	noarch	crasm	< any	UNKNOWN
ubuntu	22.04	noarch	crasm	< any	UNKNOWN
ubuntu	24.04	noarch	crasm	< any	UNKNOWN
ubuntu	16.04	noarch	crasm	< any	UNKNOWN

References

github.com/colinbourassa/crasm/pull/7

github.com/WhatTheFuzz/crasm-fuzz/tree/a020ad6ad99a72ca373f7dd1aab3a61a7c87fd66/bug-null-pointer

launchpad.net/bugs/cve/CVE-2023-23108

nvd.nist.gov/vuln/detail/CVE-2023-23108

security-tracker.debian.org/tracker/CVE-2023-23108

www.cve.org/CVERecord?id=CVE-2023-23108

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

38.4%

JSON

Related for UB:CVE-2023-23108