CVE-2023-38652
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when num_time_ticks is not zero.
Existen múltiples vulnerabilidades de desbordamiento de enteros en la funcionalidad de análisis de dictados VZT vzt_rd_block_vch_decode de GTKWave 3.3.115. Un archivo .vzt especialmente manipulado puede provocar daños en la memoria. Una víctima necesitaría abrir un archivo malicioso para activar estas vulnerabilidades. Esta vulnerabilidad se refiere al desbordamiento de enteros cuando num_time_ticks no es cero.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-07-21 CVE Reserved
- 2024-01-08 CVE Published
- 2024-06-30 EPSS Updated
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (2)
| URL | Date | SRC |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2023-1815 | 2024-08-02 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Tonybybell Search vendor "Tonybybell" | Gtkwave Search vendor "Tonybybell" for product "Gtkwave" | 3.3.115 Search vendor "Tonybybell" for product "Gtkwave" and version "3.3.115" | - |
Affected
| ||||||