PT-2024-12621 · Gtkwave · Gtkwave

Claudio Bozzato

Published

2024-01-08

Updated

2024-04-09

CVE-2023-37443

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GTKWave version 3.3.115

Description The issue is related to out-of-bounds read vulnerabilities in the VCD var definition section functionality. A specially crafted .vcd file can lead to arbitrary code execution when opened by a victim. This is triggered via the GUI's legacy VCD parsing code.

Recommendations For GTKWave version 3.3.115, avoid opening untrusted .vcd files until a patch is available. As a temporary workaround, consider disabling the legacy VCD parsing code to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2023-37443

DLA-3785-1

DSA-5653-1

Affected Products

Gtkwave

PT-2024-12621 · Gtkwave · Gtkwave

CVE-2023-37443

Weakness Enumeration

Related Identifiers

Affected Products

References · 11