CVE-2022-39843

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

123elf Lotus 1-2-3 before 1.0.0rc3 for Linux, and Lotus 1-2-3 R3 for UNIX and other platforms through 9.8.2, allow attackers to execute arbitrary code via a crafted worksheet. This occurs because of a stack-based buffer overflow in the cell format processing routines, as demonstrated by a certain function call from process_fmt() that can be reached via a w3r_format element in a wk3 document.

123elf Lotus 1-2-3 versiones anteriores a 1.0.0rc3 para Linux, y Lotus 1-2-3 R3 para UNIX y otras plataformas hasta 9.8.2, permiten a atacantes ejecutar código arbitrario por medio de una hoja de cálculo diseñada. Esto ocurre debido a un desbordamiento del búfer en la región stack de la memoria en las rutinas de procesamiento del formato de celdas, como es demostrado en una determinada llamada a la función de process_fmt() que puede ser alcanzada por medio de un elemento w3r_format en un documento wk3

*Credits: N/A

CVSS Scores

NISTv3.1 7.8

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-09-05 CVE Reserved
2022-09-05 CVE Published
2024-02-16 EPSS Updated
2024-08-03 CVE Updated
2024-08-03 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-787: Out-of-bounds Write

CAPEC

References (2)

URL	Tag	Source
https://github.com/taviso/123elf/releases/tag/v1.0.0rc3	Release Notes

URL	Date	SRC
https://github.com/taviso/123elf/issues/103	2024-08-03

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Lotus 1-2-3 Project Search vendor "Lotus 1-2-3 Project"	Lotus 1-2-3 Search vendor "Lotus 1-2-3 Project" for product "Lotus 1-2-3"	1.0.0 Search vendor "Lotus 1-2-3 Project" for product "Lotus 1-2-3" and version "1.0.0"	rc1	Affected	in	Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	-	-	Safe
Lotus 1-2-3 Project Search vendor "Lotus 1-2-3 Project"	Lotus 1-2-3 Search vendor "Lotus 1-2-3 Project" for product "Lotus 1-2-3"	1.0.0 Search vendor "Lotus 1-2-3 Project" for product "Lotus 1-2-3" and version "1.0.0"	rc2	Affected	in	Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	-	-	Safe