CVE-2023-35994

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GTKWave version 3.3.115

Description The issue is related to improper array index validation vulnerabilities in the fstReaderIterBlocks2 tdelta functionality. A specially crafted .fst file can lead to arbitrary code execution. To trigger the issue, a victim would need to open a malicious file. The vulnerability is specifically concerned with the tdelta initialization part.

Recommendations For GTKWave version 3.3.115, consider avoiding the use of the fstReaderIterBlocks2 tdelta functionality until a fix is available. As a temporary workaround, restrict the opening of .fst files from untrusted sources to minimize the risk of exploitation.

Exploit

Fix

Improper Validation of Array Index

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-129

Related Identifiers

CVE-2023-35994

DLA-3785-1

DSA-5653-1

Affected Products

Gtkwave

CVE-2023-35994

Weakness Enumeration

Related Identifiers

Affected Products

References · 11