PT-2023-27362 · Boron+1 · Boron+1

Halcy0Nic

Publicado

2023-08-13

Atualizado

2023-08-21

CVE-2023-40294

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Boron version 2.0.8

Description The issue is a heap-based buffer overflow in the ur parseBlockI function at i parse blk.c. This overflow can occur in the libboron component of Boron.

Recommendations For Boron version 2.0.8, consider disabling the ur parseBlockI function as a temporary workaround until a patch is available. Restrict access to the libboron component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Correção

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

CVE-2023-40294

Produtos afetados

Boron

Libboron

PT-2023-27362 · Boron+1 · Boron+1

CVE-2023-40294

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7