Common Weakness Enumeration
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Back to CWE stats page
CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CVE-2023-50927 (GCVE-0-2023-50927)
Vulnerability from cvelistv5 – Published: 2024-02-14 19:22 – Updated: 2025-04-24 15:15
VLAI
Title
Insufficient boundary checks for DIO and DAO messages in RPL-Lite in Contiki-NG
Summary
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An attacker can trigger out-of-bounds reads in the RPL-Lite implementation of the RPL protocol in the Contiki-NG operating system. This vulnerability is caused by insufficient control of the lengths for DIO and DAO messages, in particular when they contain RPL sub-option headers. The problem has been patched in Contiki-NG 4.9. Users are advised to upgrade. Users unable to upgrade should manually apply the code changes in PR #2484.
Severity
8.6 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/contiki-ng/contiki-ng/security… | x_refsource_CONFIRM |
| https://github.com/contiki-ng/contiki-ng/pull/2484 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| contiki-ng | contiki-ng |
Affected:
< 4.9
|
|
| contiki-ng | contiki-ng |
Affected:
0 , < 4.9
(custom)
cpe:2.3:o:contiki-ng:contiki-ng:4.9:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:contiki-ng:contiki-ng:4.9:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "contiki-ng",
"vendor": "contiki-ng",
"versions": [
{
"lessThan": "4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50927",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-15T16:42:01.347508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-24T15:15:35.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:23:43.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-9423-rgj4-wjfw",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-9423-rgj4-wjfw"
},
{
"name": "https://github.com/contiki-ng/contiki-ng/pull/2484",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/contiki-ng/contiki-ng/pull/2484"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "contiki-ng",
"vendor": "contiki-ng",
"versions": [
{
"status": "affected",
"version": "\u003c 4.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An attacker can trigger out-of-bounds reads in the RPL-Lite implementation of the RPL protocol in the Contiki-NG operating system. This vulnerability is caused by insufficient control of the lengths for DIO and DAO messages, in particular when they contain RPL sub-option headers. The problem has been patched in Contiki-NG 4.9. Users are advised to upgrade. Users unable to upgrade should manually apply the code changes in PR #2484."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T19:22:05.243Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-9423-rgj4-wjfw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-9423-rgj4-wjfw"
},
{
"name": "https://github.com/contiki-ng/contiki-ng/pull/2484",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/contiki-ng/contiki-ng/pull/2484"
}
],
"source": {
"advisory": "GHSA-9423-rgj4-wjfw",
"discovery": "UNKNOWN"
},
"title": "Insufficient boundary checks for DIO and DAO messages in RPL-Lite in Contiki-NG"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-50927",
"datePublished": "2024-02-14T19:22:05.243Z",
"dateReserved": "2023-12-15T20:57:23.174Z",
"dateUpdated": "2025-04-24T15:15:35.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51391 (GCVE-0-2023-51391)
Vulnerability from cvelistv5 – Published: 2024-04-16 19:19 – Updated: 2025-02-13 17:19
VLAI
Title
Micrium OS Network uC-HTTP server header parsing invalid pointer dereference vulnerability
Summary
A bug in Micrium OS Network HTTP Server permits an invalid pointer dereference during header processing - potentially allowing a device crash and Denial of Service.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| silabs.com |
Affected:
0 , < 4.4.2
(semver)
|
||
| silabs | gecko_software_development_kit |
Affected:
0 , < 4.4.2
(semver)
cpe:2.3:a:silabs:gecko_software_development_kit:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:silabs:gecko_software_development_kit:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gecko_software_development_kit",
"vendor": "silabs",
"versions": [
{
"lessThan": "4.4.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51391",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T15:20:08.625622Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T15:21:32.808Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:32:09.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.silabs.com/068Vm000004688g"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1945"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/SiliconLabs/gecko_sdk/releases",
"defaultStatus": "unaffected",
"modules": [
"Micrium OS Network HTTP Server"
],
"packageName": "Gecko SDK",
"platforms": [
"ARM"
],
"repo": "https://github.com/SiliconLabs/gecko_sdk",
"vendor": "silabs.com",
"versions": [
{
"lessThan": "4.4.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A bug in Micrium OS Network HTTP Server permits an invalid pointer dereference during header processing - potentially allowing a device crash and Denial of Service."
}
],
"value": "A bug in Micrium OS Network HTTP Server permits an invalid pointer dereference during header processing - potentially allowing a device crash and Denial of Service."
}
],
"impacts": [
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469 HTTP DoS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-18T09:05:54.848Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"url": "https://community.silabs.com/068Vm000004688g"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1945"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Micrium OS Network uC-HTTP server header parsing invalid pointer dereference vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-51391",
"datePublished": "2024-04-16T19:19:26.502Z",
"dateReserved": "2023-12-18T20:56:24.811Z",
"dateUpdated": "2025-02-13T17:19:44.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51395 (GCVE-0-2023-51395)
Vulnerability from cvelistv5 – Published: 2024-03-07 04:50 – Updated: 2024-09-25 16:03
VLAI
Title
Z-Wave S0 Decryption Vulnerability in End Devices
Summary
The vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Silicon Labs | Z-Wave SDK |
Unaffected:
7.20.0
Unaffected: 7.19.3 Unaffected: 7.18.8 Unaffected: 7.17.5 |
|
| silabs | z-wave_software_development_kit |
Unaffected:
0 , < 7.17.5
(custom)
Unaffected: 7.18.0 , < 7.18.8 (custom) Unaffected: 7.19.0 , < 7.19.3 (custom) cpe:2.3:h:silabs:z-wave_software_development_kit:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:32:09.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.silabs.com/068Vm0000029Xq5"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:silabs:z-wave_software_development_kit:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "z-wave_software_development_kit",
"vendor": "silabs",
"versions": [
{
"lessThan": "7.17.5",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "7.18.8",
"status": "unaffected",
"version": "7.18.0",
"versionType": "custom"
},
{
"lessThan": "7.19.3",
"status": "unaffected",
"version": "7.19.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51395",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-27T16:36:30.844451Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T16:44:12.424Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "Z-Wave SDK",
"platforms": [
"ARM",
"32 bit"
],
"product": "Z-Wave SDK",
"repo": "https://github.com/SiliconLabs/gecko_sdk/releases",
"vendor": "Silicon Labs",
"versions": [
{
"status": "unaffected",
"version": "7.20.0"
},
{
"status": "unaffected",
"version": "7.19.3"
},
{
"status": "unaffected",
"version": "7.18.8"
},
{
"status": "unaffected",
"version": "7.17.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.\u003c/span\u003e"
}
],
"value": "The vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution."
}
],
"impacts": [
{
"capecId": "CAPEC-549",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-549 Local Execution of Code"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T16:03:46.409Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"url": "https://community.silabs.com/068Vm0000029Xq5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Z-Wave S0 Decryption Vulnerability in End Devices",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-51395",
"datePublished": "2024-03-07T04:50:54.651Z",
"dateReserved": "2023-12-18T20:56:24.812Z",
"dateUpdated": "2024-09-25T16:03:46.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51439 (GCVE-0-2023-51439)
Vulnerability from cvelistv5 – Published: 2024-01-09 10:00 – Updated: 2025-04-17 17:54
VLAI
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | JT2Go |
Affected:
All versions < V14.3.0.6
|
|
| Siemens | Teamcenter Visualization V13.3 |
Affected:
All versions < V13.3.0.13
|
|
| Siemens | Teamcenter Visualization V14.1 |
Affected:
All versions < V14.1.0.12
|
|
| Siemens | Teamcenter Visualization V14.2 |
Affected:
All versions < V14.2.0.9
|
|
| Siemens | Teamcenter Visualization V14.3 |
Affected:
All versions < V14.3.0.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:32:10.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51439",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-10T18:29:28.656739Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T17:54:26.450Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "JT2Go",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V14.3.0.6"
}
]
},
{
"defaultStatus": "unknown",
"product": "Teamcenter Visualization V13.3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V13.3.0.13"
}
]
},
{
"defaultStatus": "unknown",
"product": "Teamcenter Visualization V14.1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V14.1.0.12"
}
]
},
{
"defaultStatus": "unknown",
"product": "Teamcenter Visualization V14.2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V14.2.0.9"
}
]
},
{
"defaultStatus": "unknown",
"product": "Teamcenter Visualization V14.3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V14.3.0.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.6), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.13), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.12), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.9), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.6). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T10:00:14.394Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-51439",
"datePublished": "2024-01-09T10:00:14.394Z",
"dateReserved": "2023-12-19T11:47:14.991Z",
"dateUpdated": "2025-04-17T17:54:26.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51456 (GCVE-0-2023-51456)
Vulnerability from cvelistv5 – Published: 2024-04-02 10:31 – Updated: 2024-09-30 10:03
VLAI
Summary
A Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to trigger an out-of-bound read/write into the process memory through a crafted payload due to a missing input sanity check in the v2_pack_array_to_msg function implemented in the libv2_sdk.so library imported by the v2_sdk_service binary implementing the service, potentially leading to a memory information leak or an arbitrary code execution. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
12 products
| Vendor | Product | Version | |
|---|---|---|---|
| DJI | Mavic 3 Pro |
Affected:
0 , < 01.01.0300
(custom)
|
|
| DJI | Mavic 3 |
Affected:
0 , < 01.00.1200
(custom)
|
|
| DJI | Mavic 3 Classic |
Affected:
0 , < 01.00.0500
(custom)
|
|
| DJI | Mavic 3 Enterprise |
Affected:
0 , < 7.01.10.03
(custom)
|
|
| DJI | Matrice 300 |
Affected:
0 , < 57.00.01.00
(custom)
|
|
| DJI | Matrice M30 |
Affected:
0 , < 07.01.0022
(custom)
|
|
| DJI | Mini 3 Pro |
Affected:
0 , < 01.00.0620
(custom)
|
|
| dji | mavic_3_pro_firmware |
Affected:
0 , < 01.01.0300
(custom)
cpe:2.3:o:dji:mavic_3_pro_firmware:*:*:*:*:*:*:*:* |
|
| dji | matrice_m30_firmware |
Affected:
0 , < 07.01.0022
(custom)
cpe:2.3:o:dji:matrice_m30_firmware:*:*:*:*:*:*:*:* |
|
| dji | matrice_300_firmware |
Affected:
0 , < 57.00.01.00
(custom)
cpe:2.3:o:dji:matrice_300_firmware:*:*:*:*:*:*:*:* |
|
| dji | mavic_3_firmware |
Affected:
0 , < 01.00.1200
(custom)
cpe:2.3:o:dji:mavic_3_firmware:*:*:*:*:*:*:*:* |
|
| dji | mini_3_pro_firmware |
Affected:
0 , < 01.00.0620
(custom)
cpe:2.3:o:dji:mini_3_pro_firmware:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dji:mavic_3_pro_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mavic_3_pro_firmware",
"vendor": "dji",
"versions": [
{
"lessThan": "01.01.0300",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dji:matrice_m30_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "matrice_m30_firmware",
"vendor": "dji",
"versions": [
{
"lessThan": "07.01.0022",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dji:matrice_300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "matrice_300_firmware",
"vendor": "dji",
"versions": [
{
"lessThan": "57.00.01.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dji:mavic_3_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mavic_3_firmware",
"vendor": "dji",
"versions": [
{
"lessThan": "01.00.1200",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dji:mini_3_pro_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mini_3_pro_firmware",
"vendor": "dji",
"versions": [
{
"lessThan": "01.00.0620",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51456",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T01:24:04.327864Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T01:33:28.641Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:32:10.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-51456/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mavic 3 Pro",
"vendor": "DJI",
"versions": [
{
"lessThan": "01.01.0300",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Mavic 3",
"vendor": "DJI",
"versions": [
{
"lessThan": "01.00.1200",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Mavic 3 Classic",
"vendor": "DJI",
"versions": [
{
"lessThan": "01.00.0500",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Mavic 3 Enterprise",
"vendor": "DJI",
"versions": [
{
"lessThan": "7.01.10.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Matrice 300",
"vendor": "DJI",
"versions": [
{
"lessThan": "57.00.01.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Matrice M30",
"vendor": "DJI",
"versions": [
{
"lessThan": "07.01.0022",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Mini 3 Pro",
"vendor": "DJI",
"versions": [
{
"lessThan": "01.00.0620",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diego Giubertoni of Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to trigger an out-of-bound read/write into the process memory through a crafted payload due to a missing input sanity check in the v2_pack_array_to_msg function implemented in the libv2_sdk.so library imported by the v2_sdk_service binary implementing the service, potentially leading to a memory information leak or an arbitrary code execution. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620."
}
],
"value": "A Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to trigger an out-of-bound read/write into the process memory through a crafted payload due to a missing input sanity check in the v2_pack_array_to_msg function implemented in the libv2_sdk.so library imported by the v2_sdk_service binary implementing the service, potentially leading to a memory information leak or an arbitrary code execution. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T10:03:29.786Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-51456/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2023-51456",
"datePublished": "2024-04-02T10:31:30.487Z",
"dateReserved": "2023-12-19T15:38:30.829Z",
"dateUpdated": "2024-09-30T10:03:29.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51550 (GCVE-0-2023-51550)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:14 – Updated: 2024-08-02 22:40
VLAI
Title
Foxit PDF Reader combobox Out-Of-Bounds Read Information Disclosure Vulnerability
Summary
Foxit PDF Reader combobox Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of combobox fields. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21870.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| https://www.foxit.com/support/security-bulletins.html | vendor-advisory |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Foxit | PDF Reader |
Affected:
12.1.3.15356
|
|
| foxit | pdf_editor |
Affected:
0 , ≤ 10.1.12.37872
(custom)
cpe:2.3:a:foxit:pdf_editor:-:*:*:*:*:*:*:* |
|
| foxit | pdf_editor |
Affected:
11.0.0 , ≤ 11.2.7.53812
(custom)
cpe:2.3:a:foxit:pdf_editor:11.0.0:*:*:*:*:*:*:* |
Date Public
2023-12-20 23:06
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "10.1.12.37872",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "11.2.7.53812",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51550",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-03T20:24:55.324145Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:21:00.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:40:33.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1864",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1864/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PDF Reader",
"vendor": "Foxit",
"versions": [
{
"status": "affected",
"version": "12.1.3.15356"
}
]
}
],
"dateAssigned": "2023-12-20T20:45:49.106Z",
"datePublic": "2023-12-20T23:06:46.229Z",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Reader combobox Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of combobox fields. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21870."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:52.511Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1864",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1864/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "Foxit PDF Reader combobox Out-Of-Bounds Read Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-51550",
"datePublished": "2024-05-03T02:14:52.511Z",
"dateReserved": "2023-12-20T20:38:20.863Z",
"dateUpdated": "2024-08-02T22:40:33.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51553 (GCVE-0-2023-51553)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:14 – Updated: 2024-08-02 22:40
VLAI
Title
Foxit PDF Reader Bookmark Out-Of-Bounds Read Information Disclosure Vulnerability
Summary
Foxit PDF Reader Bookmark Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Bookmark objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22110.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| https://www.foxit.com/support/security-bulletins.html | vendor-advisory |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Foxit | PDF Reader |
Affected:
12.1.3.15356
|
|
| foxit | pdf_editor |
Affected:
0 , ≤ 10.1.12.37872
(custom)
cpe:2.3:a:foxit:pdf_editor:-:*:*:*:*:*:*:* |
|
| foxit | pdf_editor |
Affected:
11.0.0 , ≤ 11.2.7.53812
(custom)
cpe:2.3:a:foxit:pdf_editor:11.0.0:*:*:*:*:*:*:* |
Date Public
2023-12-20 23:07
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "10.1.12.37872",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:foxit:pdf_editor:11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_editor",
"vendor": "foxit",
"versions": [
{
"lessThanOrEqual": "11.2.7.53812",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51553",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-03T20:14:03.242165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:20:12.759Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:40:33.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1867",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1867/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PDF Reader",
"vendor": "Foxit",
"versions": [
{
"status": "affected",
"version": "12.1.3.15356"
}
]
}
],
"dateAssigned": "2023-12-20T20:45:49.129Z",
"datePublic": "2023-12-20T23:07:08.298Z",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Reader Bookmark Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Bookmark objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22110."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:54.679Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1867",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1867/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "Foxit PDF Reader Bookmark Out-Of-Bounds Read Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-51553",
"datePublished": "2024-05-03T02:14:54.679Z",
"dateReserved": "2023-12-20T20:38:20.863Z",
"dateUpdated": "2024-08-02T22:40:33.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51555 (GCVE-0-2023-51555)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:14 – Updated: 2024-08-02 22:40
VLAI
Title
Foxit PDF Reader Doc Out-Of-Bounds Read Information Disclosure Vulnerability
Summary
Foxit PDF Reader Doc Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Doc objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22254.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| https://www.foxit.com/support/security-bulletins.html | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Foxit | PDF Reader |
Affected:
2023.2.0.21408
|
|
| foxit | pdf_reader |
Affected:
2023.2.0.21408
cpe:2.3:a:foxit:pdf_reader:-:*:*:*:*:*:*:* |
Date Public
2023-12-20 23:07
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:foxit:pdf_reader:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_reader",
"vendor": "foxit",
"versions": [
{
"status": "affected",
"version": "2023.2.0.21408"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51555",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-03T18:31:23.352559Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:20:28.565Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:40:33.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1868",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1868/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PDF Reader",
"vendor": "Foxit",
"versions": [
{
"status": "affected",
"version": "2023.2.0.21408"
}
]
}
],
"dateAssigned": "2023-12-20T20:45:49.142Z",
"datePublic": "2023-12-20T23:07:15.670Z",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Reader Doc Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Doc objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22254."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:56.163Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1868",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1868/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "Foxit PDF Reader Doc Out-Of-Bounds Read Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-51555",
"datePublished": "2024-05-03T02:14:56.163Z",
"dateReserved": "2023-12-20T20:38:20.864Z",
"dateUpdated": "2024-08-02T22:40:33.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51558 (GCVE-0-2023-51558)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:14 – Updated: 2024-08-02 22:40
VLAI
Title
Foxit PDF Reader AcroForm Doc Out-Of-Bounds Read Information Disclosure Vulnerability
Summary
Foxit PDF Reader AcroForm Doc Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Doc objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22257.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| https://www.foxit.com/support/security-bulletins.html | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Foxit | PDF Reader |
Affected:
2023.2.0.21408
|
|
| foxit | pdf_reader |
Affected:
2023.2.0.21408
cpe:2.3:a:foxit:pdf_reader:-:*:*:*:*:*:*:* |
Date Public
2023-12-20 23:07
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:foxit:pdf_reader:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_reader",
"vendor": "foxit",
"versions": [
{
"status": "affected",
"version": "2023.2.0.21408"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51558",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-03T20:06:29.268223Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:20:35.987Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:40:33.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1871",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1871/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PDF Reader",
"vendor": "Foxit",
"versions": [
{
"status": "affected",
"version": "2023.2.0.21408"
}
]
}
],
"dateAssigned": "2023-12-20T20:45:49.161Z",
"datePublic": "2023-12-20T23:07:44.902Z",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Reader AcroForm Doc Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Doc objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22257."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:58.447Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1871",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1871/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "Foxit PDF Reader AcroForm Doc Out-Of-Bounds Read Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-51558",
"datePublished": "2024-05-03T02:14:58.447Z",
"dateReserved": "2023-12-20T20:38:20.864Z",
"dateUpdated": "2024-08-02T22:40:33.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51559 (GCVE-0-2023-51559)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:14 – Updated: 2024-08-02 22:40
VLAI
Title
Foxit PDF Reader Doc Out-Of-Bounds Read Remote Code Execution Vulnerability
Summary
Foxit PDF Reader Doc Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Doc objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22258.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Foxit | PDF Reader |
Affected:
2023.2.0.21408
|
|
| foxit | pdf_reader |
Affected:
2023.2.0.21408
cpe:2.3:a:foxit:pdf_reader:-:*:*:*:*:*:*:* |
Date Public
2023-12-20 23:07
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:foxit:pdf_reader:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pdf_reader",
"vendor": "foxit",
"versions": [
{
"status": "affected",
"version": "2023.2.0.21408"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51559",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-03T20:04:58.581596Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:20:24.727Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:40:34.002Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1872",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1872/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PDF Reader",
"vendor": "Foxit",
"versions": [
{
"status": "affected",
"version": "2023.2.0.21408"
}
]
}
],
"dateAssigned": "2023-12-20T20:45:49.167Z",
"datePublic": "2023-12-20T23:07:54.878Z",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Reader Doc Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Doc objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22258."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:59.243Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1872",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1872/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "Foxit PDF Reader Doc Out-Of-Bounds Read Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-51559",
"datePublished": "2024-05-03T02:14:59.243Z",
"dateReserved": "2023-12-20T20:38:20.865Z",
"dateUpdated": "2024-08-02T22:40:34.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-5
Phase: Implementation
Strategy: Input Validation
Description:
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Phase: Architecture and Design
Strategy: Language Selection
Description:
- Use a language that provides appropriate memory abstractions.
CAPEC-540: Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.