CVE-2023-2789 - OpenCVE

A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function func_body/parse_variable_declaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-229373 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:A/AC:L/Au:S/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gnu	Cflow

Configuration 1 [-]

cpe:2.3:a:gnu:cflow:1.7:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/DaisyPo/fuzzing-vulncollect/blob/main/cflow/stack-overflow/parser.c/README.md
https://github.com/DaisyPo/fuzzing-vulncollect/files/11343936/poc-file.zip
https://vuldb.com/?ctiid.229373
https://vuldb.com/?id.229373

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2023-05-18T12:31:03.470Z

Updated: 2024-08-02T06:33:05.607Z

Reserved: 2023-05-18T12:02:42.211Z

Link: CVE-2023-2789

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-05-18T13:15:09.507

Modified: 2024-05-17T02:23:15.870

Link: CVE-2023-2789

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-2789", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-05-18T12:02:42.211Z", "datePublished": "2023-05-18T12:31:03.470Z", "dateUpdated": "2024-08-02T06:33:05.607Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-23T06:40:27.356Z"}, "title": "GNU cflow parser.c parse_variable_declaration denial of service", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "CWE-404 Denial of Service"}]}], "affected": [{"vendor": "GNU", "product": "cflow", "versions": [{"version": "1.7", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function func_body/parse_variable_declaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-229373 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Eine Schwachstelle wurde in GNU cflow 1.7 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen davon ist die Funktion func_body/parse_variable_declaration der Datei parser.c. Dank Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.7, "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P"}}], "timeline": [{"time": "2023-05-18T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-05-18T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-05-18T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-06-10T18:02:26.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "DaisyPo (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.229373", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.229373", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/DaisyPo/fuzzing-vulncollect/blob/main/cflow/stack-overflow/parser.c/README.md", "tags": ["related"]}, {"url": "https://github.com/DaisyPo/fuzzing-vulncollect/files/11343936/poc-file.zip", "tags": ["exploit"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:33:05.607Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.229373", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.229373", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/DaisyPo/fuzzing-vulncollect/blob/main/cflow/stack-overflow/parser.c/README.md", "tags": ["related", "x_transferred"]}, {"url": "https://github.com/DaisyPo/fuzzing-vulncollect/files/11343936/poc-file.zip", "tags": ["exploit", "x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:cflow:1.7:*:*:*:*:*:*:*", "matchCriteriaId": "E65C9A0B-1990-4D3A-8696-6F5004DA0D8E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function func_body/parse_variable_declaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-229373 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2023-2789", "lastModified": "2024-05-17T02:23:15.870", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 2.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2023-05-18T13:15:09.507", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/DaisyPo/fuzzing-vulncollect/blob/main/cflow/stack-overflow/parser.c/README.md"}, {"source": "cna@vuldb.com", "tags": ["Exploit"], "url": "https://github.com/DaisyPo/fuzzing-vulncollect/files/11343936/poc-file.zip"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.229373"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?id.229373"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}], "source": "cna@vuldb.com", "type": "Primary"}]}