PT-2024-14579 · Poco+1

Obiltschnig · Published 2019-09-20 · Updated 2025-07-08 · CVE-2023-52389

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

POCO versions prior to 1.11.8p2
POCO versions prior to 1.12.5p2
POCO versions prior to 1.13.0

Description

The issue is caused by an integer overflow and a resulting stack buffer overflow in UTF32Encoding.cpp, specifically in the Poco::UTF32Encoding::convert() and Poco::UTF32Encoding::queryConvert() functions. It occurs when a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher, which can be returned as a negative integer.

Recommendations

For versions prior to 1.11.8p2, update to version 1.11.8p2 or later.
For versions prior to 1.12.5p2, update to version 1.12.5p2 or later.
For versions prior to 1.13.0, update to version 1.13.0 or later.
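The following is an added illustration of the bug class the description names, written for this page; it is not POCO's code and does not reproduce the project's convert()/queryConvert() logic. The functions decodeSigned, flawedAccept, hardenedAccept and utf8Encode are hypothetical. It shows how a 4-byte UTF-32 value of 0x80000000 or above, once held in a signed int, becomes negative and slips past an upper-bound check, and how an unsigned decode with a full range check (maximum 0x10FFFF, surrogates excluded) rejects it before any buffer is sized or written.

```cpp
#include <cstdint>
#include <cstddef>
#include <iostream>

// Read one big-endian UTF-32 code unit into a signed int. Hypothetical
// illustration of the flawed pattern: values >= 0x80000000 wrap negative.
int decodeSigned(const unsigned char* p) {
    uint32_t v = (static_cast<uint32_t>(p[0]) << 24) |
                 (static_cast<uint32_t>(p[1]) << 16) |
                 (static_cast<uint32_t>(p[2]) << 8)  |
                  static_cast<uint32_t>(p[3]);
    return static_cast<int>(v);  // implementation-defined wrap to a negative value
}

// Flawed check: an upper bound only. A negative code point is "<= 0x10FFFF",
// so the caller would go on to size and fill a buffer from a bogus value.
bool flawedAccept(const unsigned char* p) {
    int cp = decodeSigned(p);
    return cp <= 0x10FFFF;
}

// Hardened check: keep the value unsigned, bound it to the Unicode range and
// reject UTF-16 surrogate code points, which are not valid scalar values.
bool hardenedAccept(const unsigned char* p, uint32_t& out) {
    uint32_t cp = (static_cast<uint32_t>(p[0]) << 24) |
                  (static_cast<uint32_t>(p[1]) << 16) |
                  (static_cast<uint32_t>(p[2]) << 8)  |
                   static_cast<uint32_t>(p[3]);
    if (cp > 0x10FFFFu) return false;
    if (cp >= 0xD800u && cp <= 0xDFFFu) return false;
    out = cp;
    return true;
}

// Encode a validated scalar value as UTF-8 into a fixed 4-byte buffer.
// Returns the number of bytes written, or 0 for an invalid code point, so the
// caller never writes past the buffer it allocated.
std::size_t utf8Encode(uint32_t cp, unsigned char out[4]) {
    if (cp > 0x10FFFFu || (cp >= 0xD800u && cp <= 0xDFFFu)) return 0;
    if (cp < 0x80u) {
        out[0] = static_cast<unsigned char>(cp);
        return 1;
    }
    if (cp < 0x800u) {
        out[0] = static_cast<unsigned char>(0xC0 | (cp >> 6));
        out[1] = static_cast<unsigned char>(0x80 | (cp & 0x3F));
        return 2;
    }
    if (cp < 0x10000u) {
        out[0] = static_cast<unsigned char>(0xE0 | (cp >> 12));
        out[1] = static_cast<unsigned char>(0x80 | ((cp >> 6) & 0x3F));
        out[2] = static_cast<unsigned char>(0x80 | (cp & 0x3F));
        return 3;
    }
    out[0] = static_cast<unsigned char>(0xF0 | (cp >> 18));
    out[1] = static_cast<unsigned char>(0x80 | ((cp >> 12) & 0x3F));
    out[2] = static_cast<unsigned char>(0x80 | ((cp >> 6) & 0x3F));
    out[3] = static_cast<unsigned char>(0x80 | (cp & 0x3F));
    return 4;
}

int main() {
    // Constructed inputs: one out-of-range unit (0x80000000) and one valid one (U+1F600).
    const unsigned char big[4]  = {0x80, 0x00, 0x00, 0x00};
    const unsigned char ok[4]   = {0x00, 0x01, 0xF6, 0x00};
    uint32_t cp = 0;
    std::cout << "signed decode of 0x80000000: " << decodeSigned(big) << "\n";
    std::cout << "flawed check accepts it: " << flawedAccept(big) << "\n";
    std::cout << "hardened check accepts it: " << hardenedAccept(big, cp) << "\n";
    unsigned char buf[4];
    if (hardenedAccept(ok, cp))
        std::cout << "U+1F600 encodes to " << utf8Encode(cp, buf) << " UTF-8 bytes\n";
    return 0;
}
```

The fix pattern is the one defenders should look for in any UTF-32 decoder: do the comparison on an unsigned value and bound it on both ends before the code point drives a buffer length or a table index.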

Exploit

Fix

Weakness Enumeration

Integer Overflow

Related Identifiers

ALT-PU-2019-2751
ALT-PU-2022-7647
ALT-PU-2023-8418
ALT-PU-2023-8419
ALT-PU-2024-13338
ALT-PU-2024-13957
ALT-PU-2024-15577
BDU:2025-04748
CVE-2023-52389
DLA-4024-1
OPENSUSE-SU-2025:15322-1

Affected Products

Alt Linux
Poco