CWE-122
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CVE-2023-32027 (GCVE-0-2023-32027)
Vulnerability from cvelistv5 – Published: 2023-06-16 00:44 – Updated: 2025-02-28 21:08
VLAI
Title
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Severity
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
11 products
Date Public
2023-06-15 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:03:28.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32027"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32027",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T20:20:54.895772Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T21:08:42.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.4.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.4.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.2.2.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.2.1.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.4.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.2.1.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.33",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.23",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.15",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.11",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.8.4",
"status": "affected",
"version": "17.8.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.4.1",
"versionStartIncluding": "17.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.4.1",
"versionStartIncluding": "17.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.2.2.1",
"versionStartIncluding": "18.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.2.1.1",
"versionStartIncluding": "18.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.4.1",
"versionStartIncluding": "17.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.2.1.1",
"versionStartIncluding": "18.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.11.33",
"versionStartIncluding": "16.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.2.23",
"versionStartIncluding": "17.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.4.15",
"versionStartIncluding": "17.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6.11",
"versionStartIncluding": "17.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.8.4",
"versionStartIncluding": "17.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-06-15T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:43:43.911Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32027"
}
],
"title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-32027",
"datePublished": "2023-06-16T00:44:29.549Z",
"dateReserved": "2023-05-01T15:34:52.132Z",
"dateUpdated": "2025-02-28T21:08:42.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32028 (GCVE-0-2023-32028)
Vulnerability from cvelistv5 – Published: 2023-06-16 00:44 – Updated: 2025-01-01 01:43
VLAI
Title
Microsoft SQL OLE DB Remote Code Execution Vulnerability
Summary
Microsoft SQL OLE DB Remote Code Execution Vulnerability
Severity
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft OLE DB Driver 19 for SQL Server |
Affected:
19.0.0 , < 19.3.0001.0
(custom)
|
|
| Microsoft | Microsoft OLE DB Driver 18 for SQL Server |
Affected:
18.0.0 , < 18.6.0006.0
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) |
Affected:
16.11.0 , < 16.11.33
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.2 |
Affected:
17.2.0 , < 17.2.23
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.4 |
Affected:
17.4.0 , < 17.4.15
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.6 |
Affected:
17.6.0 , < 17.6.11
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.8 |
Affected:
17.8.0 , < 17.8.4
(custom)
|
Date Public
2023-06-15 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:03:28.848Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft OLE DB Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft OLE DB Driver 19 for SQL Server",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "19.3.0001.0",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft OLE DB Driver 18 for SQL Server",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.6.0006.0",
"status": "affected",
"version": "18.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.33",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.23",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.15",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.11",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.8.4",
"status": "affected",
"version": "17.8.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "19.3.0001.0",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.6.0006.0",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.11.33",
"versionStartIncluding": "16.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.2.23",
"versionStartIncluding": "17.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.4.15",
"versionStartIncluding": "17.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6.11",
"versionStartIncluding": "17.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.8.4",
"versionStartIncluding": "17.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-06-15T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft SQL OLE DB Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:43:44.971Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft SQL OLE DB Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32028"
}
],
"title": "Microsoft SQL OLE DB Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-32028",
"datePublished": "2023-06-16T00:44:30.155Z",
"dateReserved": "2023-05-01T15:34:52.132Z",
"dateUpdated": "2025-01-01T01:43:44.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32047 (GCVE-0-2023-32047)
Vulnerability from cvelistv5 – Published: 2023-07-11 17:02 – Updated: 2025-01-01 01:52
VLAI
Title
Paint 3D Remote Code Execution Vulnerability
Summary
Paint 3D Remote Code Execution Vulnerability
Severity
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
Date Public
2023-07-11 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32047",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T18:30:24.320033Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T20:19:00.360Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:03:28.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Paint 3D Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32047"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Paint 3D",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2305.16087.0",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:paint_3d:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2305.16087.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-07-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Paint 3D Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:52:07.448Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Paint 3D Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32047"
}
],
"title": "Paint 3D Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-32047",
"datePublished": "2023-07-11T17:02:32.488Z",
"dateReserved": "2023-05-01T15:34:52.138Z",
"dateUpdated": "2025-01-01T01:52:07.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32083 (GCVE-0-2023-32083)
Vulnerability from cvelistv5 – Published: 2023-07-11 17:03 – Updated: 2025-02-28 20:00
VLAI
Title
Microsoft Failover Cluster Information Disclosure Vulnerability
Summary
Microsoft Failover Cluster Information Disclosure Vulnerability
Severity
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows Server 2019 |
Affected:
10.0.17763.0 , < 10.0.17763.4645
(custom)
|
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.17763.0 , < 10.0.17763.4645
(custom)
|
|
| Microsoft | Windows Server 2022 |
Affected:
10.0.20348.0 , < 10.0.20348.1850
(custom)
|
|
| Microsoft | Windows Server 2016 |
Affected:
10.0.14393.0 , < 10.0.14393.6085
(custom)
|
|
| Microsoft | Windows Server 2016 (Server Core installation) |
Affected:
10.0.14393.0 , < 10.0.14393.6085
(custom)
|
Date Public
2023-07-11 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:03:29.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Failover Cluster Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32083"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32083",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T19:24:33.734116Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T20:00:43.906Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.4645",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.4645",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.1850",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.6085",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.6085",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.4645",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.4645",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.1850",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6085",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6085",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-07-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Failover Cluster Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:52:52.862Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Failover Cluster Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32083"
}
],
"title": "Microsoft Failover Cluster Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-32083",
"datePublished": "2023-07-11T17:03:17.935Z",
"dateReserved": "2023-05-01T17:58:06.204Z",
"dateUpdated": "2025-02-28T20:00:43.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32138 (GCVE-0-2023-32138)
Vulnerability from cvelistv5 – Published: 2024-05-03 01:56 – Updated: 2024-09-18 18:28
VLAI
Title
D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Execution Vulnerability
Summary
D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.
. Was ZDI-CAN-18416.
Severity
7.5 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| https://supportannouncement.us.dlink.com/announce… | vendor-advisory |
Date Public
2023-05-04 22:14
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:d-link:dap-1360:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dap-1360",
"vendor": "d-link",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32138",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-16T17:35:00.512734Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:26:06.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:03:29.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-530",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-530/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10324"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DAP-1360",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "6.14B01 EU HOTFIX"
}
]
}
],
"dateAssigned": "2023-05-03T20:16:42.940Z",
"datePublic": "2023-05-04T22:14:43.040Z",
"descriptions": [
{
"lang": "en",
"value": "D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-18416."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:28:08.264Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-530",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-530/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10324"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-32138",
"datePublished": "2024-05-03T01:56:25.440Z",
"dateReserved": "2023-05-03T20:10:47.058Z",
"dateUpdated": "2024-09-18T18:28:08.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32140 (GCVE-0-2023-32140)
Vulnerability from cvelistv5 – Published: 2024-05-03 01:56 – Updated: 2025-02-05 20:46
VLAI
Title
D-Link DAP-1360 webproc var:sys_Token Heap-based Buffer Overflow Remote Code Execution Vulnerability
Summary
D-Link DAP-1360 webproc var:sys_Token Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling requests to the /cgi-bin/webproc endpoint. When parsing the var:sys_Token parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.
. Was ZDI-CAN-18418.
Severity
7.5 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| https://supportannouncement.us.dlink.com/announce… | vendor-advisory |
Date Public
2023-05-04 22:15
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:dlink:dap-1360:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dap-1360",
"vendor": "dlink",
"versions": [
{
"lessThanOrEqual": "v6.14b01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-32140",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T17:15:13.341341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T20:46:14.766Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:03:29.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-532",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-532/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10324"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DAP-1360",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "6.14B01 EU HOTFIX"
}
]
}
],
"dateAssigned": "2023-05-03T20:16:42.952Z",
"datePublic": "2023-05-04T22:15:02.754Z",
"descriptions": [
{
"lang": "en",
"value": "D-Link DAP-1360 webproc var:sys_Token Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling requests to the /cgi-bin/webproc endpoint. When parsing the var:sys_Token parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-18418."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:28:09.741Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-532",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-532/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10324"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "D-Link DAP-1360 webproc var:sys_Token Heap-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-32140",
"datePublished": "2024-05-03T01:56:27.034Z",
"dateReserved": "2023-05-03T20:10:47.059Z",
"dateUpdated": "2025-02-05T20:46:14.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32157 (GCVE-0-2023-32157)
Vulnerability from cvelistv5 – Published: 2024-05-03 01:56 – Updated: 2024-09-18 18:28
VLAI
Title
Tesla Model 3 bsa_server BIP Heap-based Buffer Overflow Arbitrary Code Execution Vulnerability
Summary
Tesla Model 3 bsa_server BIP Heap-based Buffer Overflow Arbitrary Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability.
The specific flaw exists within the bsa_server process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of an unprivileged user in a sandboxed process.
. Was ZDI-CAN-20737.
Severity
4.6 (Medium)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Date Public
2023-07-18 15:01
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32157",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T17:53:55.416927Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:26:26.190Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:23.631Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-973",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-973/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Model 3",
"vendor": "Tesla",
"versions": [
{
"status": "affected",
"version": "Model 3 - 2023.6"
}
]
}
],
"dateAssigned": "2023-05-03T20:16:43.058Z",
"datePublic": "2023-07-18T15:01:15.646Z",
"descriptions": [
{
"lang": "en",
"value": "Tesla Model 3 bsa_server BIP Heap-based Buffer Overflow Arbitrary Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the bsa_server process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of an unprivileged user in a sandboxed process.\n. Was ZDI-CAN-20737."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:28:22.099Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-973",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-973/"
}
],
"source": {
"lang": "en",
"value": "David BERARD (@_p0ly_) and Vincent DEHORS (@vdehors) from Synacktiv (@Synacktiv)"
},
"title": "Tesla Model 3 bsa_server BIP Heap-based Buffer Overflow Arbitrary Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-32157",
"datePublished": "2024-05-03T01:56:39.627Z",
"dateReserved": "2023-05-03T20:10:47.061Z",
"dateUpdated": "2024-09-18T18:28:22.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32307 (GCVE-0-2023-32307)
Vulnerability from cvelistv5 – Published: 2023-05-26 22:11 – Updated: 2025-02-13 16:50
VLAI
Title
heap-over-flow and integer-overflow in sofia-sip
Summary
Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification.
Referring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential heap-over-flow and integer-overflow in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because the lack of attributes length check when Sofia-SIP handles STUN packets. The previous patch of [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54) fixed the vulnerability when attr_type did not match the enum value, but there are also vulnerabilities in the handling of other valid cases. The OOB read and integer-overflow made by attacker may lead to crash, high consumption of memory or even other more serious consequences. These issue have been addressed in version 1.13.15. Users are advised to upgrade.
Severity
7.5 (High)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| freeswitch | sofia-sip |
Affected:
< 1.13.15
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:24.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-rm4c-ccvf-ff9c",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-rm4c-ccvf-ff9c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00002.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5431"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OY66DOQ3B7GULJTI66X5HNX5FU3P65CX/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32307",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T19:20:35.060813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T19:20:38.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-rm4c-ccvf-ff9c"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "sofia-sip",
"vendor": "freeswitch",
"versions": [
{
"status": "affected",
"version": "\u003c 1.13.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification.\nReferring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential heap-over-flow and integer-overflow in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because the lack of attributes length check when Sofia-SIP handles STUN packets. The previous patch of [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54) fixed the vulnerability when attr_type did not match the enum value, but there are also vulnerabilities in the handling of other valid cases. The OOB read and integer-overflow made by attacker may lead to crash, high consumption of memory or even other more serious consequences. These issue have been addressed in version 1.13.15. Users are advised to upgrade."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-27T03:06:35.254Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-rm4c-ccvf-ff9c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-rm4c-ccvf-ff9c"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00002.html"
},
{
"url": "https://www.debian.org/security/2023/dsa-5431"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OY66DOQ3B7GULJTI66X5HNX5FU3P65CX/"
}
],
"source": {
"advisory": "GHSA-rm4c-ccvf-ff9c",
"discovery": "UNKNOWN"
},
"title": "heap-over-flow and integer-overflow in sofia-sip"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-32307",
"datePublished": "2023-05-26T22:11:16.875Z",
"dateReserved": "2023-05-08T13:26:03.878Z",
"dateUpdated": "2025-02-13T16:50:31.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32324 (GCVE-0-2023-32324)
Vulnerability from cvelistv5 – Published: 2023-06-01 16:04 – Updated: 2025-02-13 16:50
VLAI
Title
OpenPrinting CUPS vulnerable to heap buffer overflow
Summary
OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel `to `DEBUG`. No known patches or workarounds exist at time of publication.
Severity
7.5 (High)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/OpenPrinting/cups/security/adv… | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2023… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OpenPrinting | cups |
Affected:
<= 2.4.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:24.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32324",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T21:43:15.624616Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T21:43:26.931Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cups",
"vendor": "OpenPrinting",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel `to `DEBUG`. No known patches or workarounds exist at time of publication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-01T16:05:06.955Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00001.html"
}
],
"source": {
"advisory": "GHSA-cxc6-w2g7-69p7",
"discovery": "UNKNOWN"
},
"title": "OpenPrinting CUPS vulnerable to heap buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-32324",
"datePublished": "2023-06-01T16:04:10.994Z",
"dateReserved": "2023-05-08T13:26:03.880Z",
"dateUpdated": "2025-02-13T16:50:32.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32461 (GCVE-0-2023-32461)
Vulnerability from cvelistv5 – Published: 2023-09-15 06:56 – Updated: 2024-09-25 14:12
VLAI
Summary
Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges.
Severity
5 (Medium)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021654… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | PowerEdge Platform |
Affected:
Versions prior to 1.5.6
Affected: Versions prior to 1.1.3 Affected: Versions prior to 1.1.4 Affected: Versions prior to 1.2.5 Affected: Versions prior to 1.3.11 Affected: Versions prior to 1.10.2 Affected: Versions prior to 1.6.3 Affected: Versions prior to 1.10.4 Affected: Versions prior to 2.11.4 Affected: Versions prior to 2.11.3 Affected: Versions prior to Before 1.11.2 |
Date Public
2023-09-14 06:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:18:37.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000216543/dsa-2023-292-security-update-for-dell-poweredge-server-bios-vulnerability"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32461",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T14:01:49.731484Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T14:12:53.858Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "BIOS",
"platforms": [
"PowerEdge R660",
"PowerEdge R760",
"PowerEdge C6620",
"PowerEdge MX760c",
"PowerEdge R860",
"PowerEdge R960",
"PowerEdge HS5610",
"PowerEdge HS5620",
"PowerEdge R660xs",
"PowerEdge R760xs",
"PowerEdge R760xd2",
"PowerEdge T560",
"PowerEdge R760xa",
"PowerEdge XE9680",
"PowerEdge XR5610",
"PowerEdge XR8620t",
"PowerEdge XR7620",
"PowerEdge XE8640",
"PowerEdge R6615",
"PowerEdge R7615",
"PowerEdge R6625",
"PowerEdge R7625",
"PowerEdge R650",
"PowerEdge R750",
"PowerEdge R750XA",
"PowerEdge C6520",
"PowerEdge MX750C",
"PowerEdge R550",
"PowerEdge R450",
"PowerEdge R650XS",
"PowerEdge R750XS",
"PowerEdge T550",
"PowerEdge XR11",
"PowerEdge XR12",
"PowerEdge T150",
"PowerEdge T350",
"PowerEdge R250",
"PowerEdge R350",
"PowerEdge XR4510c",
"PowerEdge XR4520c",
"PowerEdge R6515",
"PowerEdge R6525",
"PowerEdge R7515",
"PowerEdge R7525",
"PowerEdge C6525",
"PowerEdge XE8545",
"Dell EMC XC Core XC450",
"Dell EMC XC Core XC650",
"Dell EMC XC Core XC750",
"Dell EMC XC Core XC750xa",
"Dell EMC XC Core XC6520",
"Dell EMC XC Core XC7525"
],
"product": "PowerEdge Platform",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "Versions prior to 1.5.6"
},
{
"status": "affected",
"version": "Versions prior to 1.1.3"
},
{
"status": "affected",
"version": "Versions prior to 1.1.4"
},
{
"status": "affected",
"version": "Versions prior to 1.2.5"
},
{
"status": "affected",
"version": "Versions prior to 1.3.11"
},
{
"status": "affected",
"version": "Versions prior to 1.10.2"
},
{
"status": "affected",
"version": "Versions prior to 1.6.3"
},
{
"status": "affected",
"version": "Versions prior to 1.10.4"
},
{
"status": "affected",
"version": "Versions prior to 2.11.4"
},
{
"status": "affected",
"version": "Versions prior to 2.11.3"
},
{
"status": "affected",
"version": "Versions prior to Before 1.11.2"
}
]
}
],
"datePublic": "2023-09-14T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges. \u0026nbsp;\u003c/span\u003e\n\n"
}
],
"value": "\nDell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges. \u00a0\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-15T06:56:54.605Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000216543/dsa-2023-292-security-update-for-dell-poweredge-server-bios-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-32461",
"datePublished": "2023-09-15T06:56:54.605Z",
"dateReserved": "2023-05-09T06:05:24.994Z",
"dateUpdated": "2024-09-25T14:12:53.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phases:
Description:
- Pre-design: Use a language or compiler that performs automatic bounds checking.
Mitigation
Phase: Architecture and Design
Description:
- Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation ID: MIT-10
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation ID: MIT-11
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
Mitigation
Phase: Implementation
Description:
- Implement and perform bounds checking on input.
Mitigation
Phase: Implementation
Strategy: Libraries or Frameworks
Description:
- Do not use dangerous functions such as gets. Look for their safe equivalent, which checks for the boundary.
Mitigation
Phase: Operation
Description:
- Use OS-level preventative functionality. This is not a complete solution, but it provides some defense in depth.
CAPEC-92: Forced Integer Overflow
This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.