Common Weakness Enumeration
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Back to CWE stats page
CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CVE-2023-0187 (GCVE-0-2023-0187)
Vulnerability from cvelistv5 – Published: 2023-04-01 04:44 – Updated: 2025-02-13 16:38
VLAI
EPSS
VEX
Summary
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read can lead to denial of service.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NVIDIA | vGPU software (guest driver - Windows), NVIDIA Cloud Gaming (guest driver - Windows) |
Affected:
All versions prior to and including 15.1, 13.6, 11.11, and all versions prior to and including February 2023 release
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:02:43.513Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202310-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0187",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T17:10:55.394088Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T17:10:59.689Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "vGPU software (guest driver - Windows), NVIDIA Cloud Gaming (guest driver - Windows)",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 15.1, 13.6, 11.11, and all versions prior to and including February 2023 release"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read can lead to denial of service."
}
],
"value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read can lead to denial of service."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial of Service"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-03T14:06:47.035Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452"
},
{
"url": "https://security.gentoo.org/glsa/202310-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2023-0187",
"datePublished": "2023-04-01T04:44:23.877Z",
"dateReserved": "2023-01-11T05:48:43.753Z",
"dateUpdated": "2025-02-13T16:38:47.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0193 (GCVE-0-2023-0193)
Vulnerability from cvelistv5 – Published: 2023-03-02 01:19 – Updated: 2025-03-05 21:30
VLAI
EPSS
VEX
Summary
NVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, where a local user running the tool against a malicious binary may cause an out-of-bounds read, which may result in a limited denial of service and limited information disclosure.
Severity
4.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NVIDIA | NVIDIA CUDA Toolkit |
Affected:
All versions prior to 12.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:02:44.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5446"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0193",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T21:29:52.543670Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T21:30:00.350Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "NVIDIA CUDA Toolkit",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA CUDA Toolkit SDK contains a vulnerability in \u003c/span\u003e\u003ccode\u003ecuobjdump\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, where a local user running the tool against a malicious binary may cause an out-of-bounds read, which may result in a limited denial of service and limited information disclosure.\u003c/span\u003e\n\n"
}
],
"value": "\nNVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, where a local user running the tool against a malicious binary may cause an out-of-bounds read, which may result in a limited denial of service and limited information disclosure.\n\n"
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial of Service, Information Disclosure"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T20:04:40.537Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5446"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2023-0193",
"datePublished": "2023-03-02T01:19:51.597Z",
"dateReserved": "2023-01-11T05:48:47.581Z",
"dateUpdated": "2025-03-05T21:30:00.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0645 (GCVE-0-2023-0645)
Vulnerability from cvelistv5 – Published: 2023-04-11 13:22 – Updated: 2026-06-29 19:34
VLAI
EPSS
VEX
Title
Out of Bounds read in libjxl
Summary
An out of bounds read exists in libjxl. An attacker using a specifically crafted file could cause an out of bounds read in the exif handler. We recommend upgrading to version 0.8.1 or past commit https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159 https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Date Public
2023-01-31 23:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-06-29T19:34:42.108Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libjxl/libjxl/pull/2101"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/06/29/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0645",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T16:31:00.592408Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T16:32:10.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Libjxl",
"repo": "https://github.com/libjxl/libjxl",
"vendor": "Libjxl",
"versions": [
{
"lessThan": "0.8.1",
"status": "affected",
"version": "0.7.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-01-31T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An out of bounds read exists in libjxl. An attacker using a specifically crafted file could cause an out of bounds read in the exif handler. We recommend upgrading to version 0.8.1 or past commit\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159\"\u003ehttps://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159\u003c/a\u003e"
}
],
"value": "An out of bounds read exists in libjxl. An attacker using a specifically crafted file could cause an out of bounds read in the exif handler. We recommend upgrading to version 0.8.1 or past commit\u00a0 https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159 https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159 "
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T13:22:06.779Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159"
},
{
"url": "https://github.com/libjxl/libjxl/pull/2101"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Out of Bounds read in libjxl",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2023-0645",
"datePublished": "2023-04-11T13:22:06.779Z",
"dateReserved": "2023-02-02T11:18:15.223Z",
"dateUpdated": "2026-06-29T19:34:42.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-0668 (GCVE-0-2023-0668)
Vulnerability from cvelistv5 – Published: 2023-06-07 02:32 – Updated: 2025-11-03 21:47
VLAI
EPSS
VEX
Title
Wireshark IEEE-C37.118 parsing buffer overflow
Summary
Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
7 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.0.0 , ≤ 4.0.5
(semver)
Unaffected: 4.0.6 Affected: 3.6.0 , ≤ 3.6.13 (semver) Unaffected: 3.6.14 |
Date Public
2023-05-22 19:04
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:47:03.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://takeonme.org/cves/CVE-2023-0668.html"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/19087"
},
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://www.wireshark.org/docs/relnotes/wireshark-4.0.6.html"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.wireshark.org/security/wnpa-sec-2023-19.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5429"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202309-02"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00049.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-0668",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-07T14:58:27.192178Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T14:59:00.663Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThanOrEqual": "4.0.5",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "4.0.6"
},
{
"lessThanOrEqual": "3.6.13",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "3.6.14"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "zenofex"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "WanderingGlitch"
},
{
"lang": "en",
"type": "coordinator",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Austin Hackers Anonymous!"
}
],
"datePublic": "2023-05-22T19:04:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark."
}
],
"value": "Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark."
}
],
"impacts": [
{
"capecId": "CAPEC-540",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-540 Overread Buffers"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-17T06:06:13.594Z",
"orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"shortName": "AHA"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://takeonme.org/cves/CVE-2023-0668.html"
},
{
"tags": [
"issue-tracking"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/19087"
},
{
"tags": [
"release-notes"
],
"url": "https://www.wireshark.org/docs/relnotes/wireshark-4.0.6.html"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.wireshark.org/security/wnpa-sec-2023-19.html"
},
{
"url": "https://www.debian.org/security/2023/dsa-5429"
},
{
"url": "https://security.gentoo.org/glsa/202309-02"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Wireshark IEEE-C37.118 parsing buffer overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"assignerShortName": "AHA",
"cveId": "CVE-2023-0668",
"datePublished": "2023-06-07T02:32:45.095Z",
"dateReserved": "2023-02-03T22:08:47.155Z",
"dateUpdated": "2025-11-03T21:47:03.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-0969 (GCVE-0-2023-0969)
Vulnerability from cvelistv5 – Published: 2023-06-21 19:40 – Updated: 2024-12-06 18:29
VLAI
EPSS
VEX
Title
Global read overflow in Z/IP Gateway
Summary
A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an authenticated attacker within Z-Wave range to manipulate an array pointer to disclose the contents of global memory.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Silicon Labs | Z/IP Gateway |
Unaffected:
7.18.03
|
Date Public
2023-06-09 22:08
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:32:46.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000V6HZzQAN?operationContext=S1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T18:29:49.615476Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T18:29:58.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Z/IP Gateway",
"vendor": "Silicon Labs",
"versions": [
{
"status": "unaffected",
"version": "7.18.03"
}
]
}
],
"datePublic": "2023-06-09T22:08:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an authenticated attacker within Z-Wave range to manipulate an array pointer to disclose the contents of global memory."
}
],
"value": "A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an authenticated attacker within Z-Wave range to manipulate an array pointer to disclose the contents of global memory."
}
],
"impacts": [
{
"capecId": "CAPEC-540",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-540 Overread Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T15:29:54.520Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000V6HZzQAN?operationContext=S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Global read overflow in Z/IP Gateway",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-0969",
"datePublished": "2023-06-21T19:40:44.577Z",
"dateReserved": "2023-02-22T20:48:59.433Z",
"dateUpdated": "2024-12-06T18:29:58.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0970 (GCVE-0-2023-0970)
Vulnerability from cvelistv5 – Published: 2023-06-21 19:41 – Updated: 2024-12-06 18:27
VLAI
EPSS
VEX
Title
Serial API Buffer Overflow in Z/IP Gateway
Summary
Multiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway SDK version 7.18.01 and earlier allow an attacker with invasive physical access to a Z-Wave controller device to overwrite global memory and potentially execute arbitrary code.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Silicon Labs | Z/IP Gateway |
Unaffected:
7.18.03
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:32:46.345Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000V6HZzQAN?operationContext=S1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T18:27:42.756082Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T18:27:49.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Z/IP Gateway",
"vendor": "Silicon Labs",
"versions": [
{
"status": "unaffected",
"version": "7.18.03"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway SDK version 7.18.01 and earlier allow an attacker with invasive physical access to a Z-Wave controller device to overwrite global memory and potentially execute arbitrary code."
}
],
"value": "Multiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway SDK version 7.18.01 and earlier allow an attacker with invasive physical access to a Z-Wave controller device to overwrite global memory and potentially execute arbitrary code."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T15:35:20.463Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000V6HZzQAN?operationContext=S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Serial API Buffer Overflow in Z/IP Gateway",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-0970",
"datePublished": "2023-06-21T19:41:46.419Z",
"dateReserved": "2023-02-22T20:49:06.930Z",
"dateUpdated": "2024-12-06T18:27:49.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0972 (GCVE-0-2023-0972)
Vulnerability from cvelistv5 – Published: 2023-06-21 19:43 – Updated: 2024-12-06 18:27
VLAI
EPSS
VEX
Title
Buffer overflow in S0 Decryption on Z/IP Gatweay
Summary
Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.
Severity
9.6 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Silicon Labs | Z/IP Gateway |
Unaffected:
7.18.03
|
Date Public
2023-06-08 22:08
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:32:46.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000V6HZzQAN?operationContext=S1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0972",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T18:26:52.843962Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T18:27:01.552Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Z/IP Gateway",
"vendor": "Silicon Labs",
"versions": [
{
"status": "unaffected",
"version": "7.18.03"
}
]
}
],
"datePublic": "2023-06-08T22:08:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution."
}
],
"value": "Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
},
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
},
{
"capecId": "CAPEC-549",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-549 Local Execution of Code"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T15:41:17.919Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000V6HZzQAN?operationContext=S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Buffer overflow in S0 Decryption on Z/IP Gatweay",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-0972",
"datePublished": "2023-06-21T19:43:12.847Z",
"dateReserved": "2023-02-22T20:49:10.279Z",
"dateUpdated": "2024-12-06T18:27:01.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1380 (GCVE-0-2023-1380)
Vulnerability from cvelistv5 – Published: 2023-03-27 00:00 – Updated: 2024-08-02 05:49
VLAI
EPSS
VEX
Summary
A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service.
Severity
No CVSS data available.
CWE
Assigner
References
9 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:10.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177883"
},
{
"tags": [
"x_transferred"
],
"url": "https://lore.kernel.org/linux-wireless/20230309104457.22628-1-jisoo.jang%40yonsei.ac.kr/T/#u"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/03/14/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230511-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html"
},
{
"name": "[debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"
},
{
"name": "DSA-5480",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info-\u003ereq_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T23:07:05.459Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177883"
},
{
"url": "https://lore.kernel.org/linux-wireless/20230309104457.22628-1-jisoo.jang%40yonsei.ac.kr/T/#u"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/03/14/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230511-0001/"
},
{
"url": "http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html"
},
{
"url": "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html"
},
{
"name": "[debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"
},
{
"name": "DSA-5480",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-1380",
"datePublished": "2023-03-27T00:00:00.000Z",
"dateReserved": "2023-03-13T00:00:00.000Z",
"dateUpdated": "2024-08-02T05:49:10.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1544 (GCVE-0-2023-1544)
Vulnerability from cvelistv5 – Published: 2023-03-23 00:00 – Updated: 2025-11-03 19:27
VLAI
EPSS
VEX
Title
Qemu: pvrdma: out-of-bounds read in pvrdma_ring_next_elem_read()
Summary
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU.
Severity
6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
5 references
Impacted products
Date Public
2023-02-27 00:00
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:qemu:rdma:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rdma",
"vendor": "qemu",
"versions": [
{
"lessThan": "8.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1544",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-19T18:10:20.763384Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T13:49:11.714Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:27:58.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-1544"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180364"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230511-0005/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00042.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.com/qemu-project/qemu",
"defaultStatus": "affected",
"packageName": "qemu",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8.2.0-rc0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank SorryMybad (Kunlun Lab) for reporting this issue."
}
],
"datePublic": "2023-02-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the QEMU implementation of VMWare\u0027s paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-19T13:34:48.957Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-1544"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180364"
},
{
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230511-0005/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-27T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-02-27T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Qemu: pvrdma: out-of-bounds read in pvrdma_ring_next_elem_read()",
"x_redhatCweChain": "CWE-125: Out-of-bounds Read"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2023-1544",
"datePublished": "2023-03-23T00:00:00.000Z",
"dateReserved": "2023-03-21T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:27:58.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-1916 (GCVE-0-2023-1916)
Vulnerability from cvelistv5 – Published: 2023-04-10 00:00 – Updated: 2024-08-02 06:05
VLAI
EPSS
VEX
Summary
A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:05:26.709Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/libtiff/libtiff/-/issues/536%2C"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/libtiff/libtiff/-/issues/537"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213844"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libtiff",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "libtiff versions 4.x and newer are affected"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-23T07:06:24.612Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://gitlab.com/libtiff/libtiff/-/issues/536%2C"
},
{
"url": "https://gitlab.com/libtiff/libtiff/-/issues/537"
},
{
"url": "https://support.apple.com/kb/HT213844"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-1916",
"datePublished": "2023-04-10T00:00:00.000Z",
"dateReserved": "2023-04-06T00:00:00.000Z",
"dateUpdated": "2024-08-02T06:05:26.709Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-5
Phase: Implementation
Strategy: Input Validation
Description:
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Phase: Architecture and Design
Strategy: Language Selection
Description:
- Use a language that provides appropriate memory abstractions.
CAPEC-540: Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.