PT-2023-6870 · Tellus+1
Michael Heinzl · Published 2023-11-10 · Updated 2023-11-21
CVE-2023-47582
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
TELLUS versions 4.0.17.0 and earlier
TELLUS Lite versions 4.0.17.0 and earlier
Description
The vulnerability is an access of an uninitialized pointer, which can lead to information disclosure and/or arbitrary code execution. It is triggered when a user opens a specially crafted file, such as an X1, V8, or V9 file. A remote attacker can exploit it by means of such a file, potentially executing arbitrary code.
Recommendations
For TELLUS versions 4.0.17.0 and earlier, avoid opening specially crafted files until a patch is available.
For TELLUS Lite versions 4.0.17.0 and earlier, avoid opening specially crafted files until a patch is available.
As a temporary workaround, consider restricting access to files that could potentially exploit the vulnerability, such as X1, V8, or V9 files, until a patch is available.
Fix
Access of Uninitialized Pointer
Weakness Enumeration
Related Identifiers
Affected Products
Tellus
Tellus Lite