CVE-2023-36326

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

Integer Overflow vulnerability in RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab, allows attackers to execute arbitrary code, cause a denial of service, and escalate privileges when calling realloc function in bn_grow function.

Una vulnerabilidad de desbordamiento de enteros en RELIC antes del commit 34580d840469361ba9b5f001361cad659687b9ab, permite a los atacantes ejecutar código arbitrario, causar una denegación de servicio y escalar privilegios al llamar la función realloc en la función bn_grow

*Credits: N/A

CVSS Scores

NISTv3.1 9.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2023-06-21 CVE Reserved
2023-09-01 CVE Published
2024-10-01 CVE Updated
2024-10-03 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-190: Integer Overflow or Wraparound

CAPEC

References (2)

URL	Tag	Source
https://groups.google.com/g/relic-discuss/c/A_J2-ArVIAo/m/qgFiXsUJBQAJ?utm_medium=email&utm_source=footer	Mailing List

URL	Date	SRC

URL	Date	SRC
https://github.com/relic-toolkit/relic/commit/34580d840469361ba9b5f001361cad659687b9ab	2023-09-06

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Relic Project Search vendor "Relic Project"		Relic Search vendor "Relic Project" for product "Relic"				< 2022-11-14 Search vendor "Relic Project" for product "Relic" and version " < 2022-11-14"		-		Affected