Lucene search

Veracode Vulnerability DatabaseVERACODE:42987

HistoryAug 29, 2023 - 4:41 a.m.

Denial Of Service (DoS)

2023-08-2904:41:21

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

denial of service

vulnerability

memory violation

gerber rs-274x

filename parsing

overflow

crash

libgerbv.so

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

10.5%

JSON

libgerbv.so is vulnerable to Denial of Service (DoS) attacks. The vulnerability is caused by an Out-of-bounds memory violation due to the way Gerber RS-274X filenames are parsed. The overflow occurs because the filename variable is not properly freed, which can cause the variable to overflow the memory bounds, causing Gerbv to crash.

CPENameOperatorVersion
libgerbv.sole1.0.9
gerbv:sideq2.7.0-2
libgerbv.sole1.0.9
gerbv:sideq2.7.0-2

Name	Operator	Version
libgerbv.so	le	1.0.9
gerbv:sid	eq	2.7.0-2
libgerbv.so	le	1.0.9
gerbv:sid	eq	2.7.0-2

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4508

github.com/advisories/GHSA-m4qj-9cr4-hrw4

github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a

github.com/gerbv/gerbv/commit/dfb5aac533a3f9e8ccd93ca217a753258cba4fe5

github.com/gerbv/gerbv/issues/191

lists.debian.org/debian-lts-announce/2023/09/msg00040.html

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

10.5%

JSON

Related for VERACODE:42987