CVE-2023-2226

Name of the Vulnerable Software and Affected Versions Velociraptor versions prior to 0.6.8

Description The issue is caused by insufficient validation in the PE and OLE parsers, allowing an attacker to crash Velociraptor during parsing of maliciously malformed files. For this attack to succeed, the attacker needs to introduce malicious files to the system while Velociraptor attempts to collect artifacts that parse PE files, Authenticode signatures, or OLE files. After crashing, the Velociraptor service will restart, and it will still be possible to collect other artifacts.

Recommendations For versions prior to 0.6.8, update to version 0.6.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the system to prevent the introduction of malicious files while Velociraptor is collecting artifacts.