CVE-2023-36746
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the handling of `len` in `fstWritex` when parsing the time table.
Existen múltiples vulnerabilidades de desbordamiento de búfer de almacenamiento dinámico en la funcionalidad fstReaderIterBlocks2 fstWritex len de GTKWave 3.3.115. Un archivo .fst especialmente manipulado puede provocar daños en la memoria. Una víctima necesitaría abrir un archivo malicioso para activar estas vulnerabilidades. Esta vulnerabilidad se refiere al manejo de "len" en "fstWritex" al analizar el calendario.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2023-06-26 CVE Reserved
- 2024-01-08 CVE Published
- 2024-02-17 EPSS Updated
- 2024-09-04 CVE Updated
- 2024-09-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-787: Out-of-bounds Write
CAPEC
References (2)
| URL | Date | SRC |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2023-1793 | 2024-09-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Tonybybell Search vendor "Tonybybell" | Gtkwave Search vendor "Tonybybell" for product "Gtkwave" | 3.3.115 Search vendor "Tonybybell" for product "Gtkwave" and version "3.3.115" | - |
Affected
| ||||||