CVE-2022-23946

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions KiCad EDA versions 6.0.1 and master commit de006fc010

Description A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNumber parsing functionality. This issue can be triggered by a specially-crafted gerber or excellon file, potentially leading to code execution. An attacker can provide a malicious file to exploit this vulnerability.

Recommendations For KiCad EDA version 6.0.1, consider disabling the Gerber Viewer functionality until a patch is available. For KiCad EDA master commit de006fc010, restrict access to the GCodeNumber parsing functionality to minimize the risk of exploitation. Avoid using specially-crafted gerber or excellon files in the affected functionality until the issue is resolved.

Exploit

Fix

Memory Corruption

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-121

Related Identifiers

CVE-2022-23946

DLA-2998-1

DLA-3078-1

DSA-5214-1

MGASA-2022-0295

USN-7466-1

Affected Products

Kicad Eda

Linuxmint

Ubuntu

CVE-2022-23946

Weakness Enumeration

Related Identifiers

Affected Products

References · 31