CVE-2023-39414
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer underflow when performing the right shift operation.
Existen múltiples vulnerabilidades de desbordamiento de enteros en la funcionalidad de operación de cambio LXT2 lxt2_rd_iter_radix de GTKWave 3.3.115. Un archivo .lxt2 especialmente manipulado puede provocar daños en la memoria. Una víctima necesitaría abrir un archivo malicioso para activar estas vulnerabilidades. Esta vulnerabilidad se refiere al desbordamiento de enteros cuando se realiza la operación de cambio a la derecha.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-07-31 CVE Reserved
- 2024-01-08 CVE Published
- 2024-01-10 EPSS Updated
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-191: Integer Underflow (Wrap or Wraparound)
CAPEC
References (2)
| URL | Date | SRC |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2023-1824 | 2024-08-02 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Tonybybell Search vendor "Tonybybell" | Gtkwave Search vendor "Tonybybell" for product "Gtkwave" | 3.3.115 Search vendor "Tonybybell" for product "Gtkwave" and version "3.3.115" | - |
Affected
| ||||||