{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-38562", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2023-08-03T21:04:53.424Z", "datePublished": "2024-02-20T14:45:02.733Z", "dateUpdated": "2024-08-21T14:08:48.788Z"}, "containers": {"cna": {"affected": [{"vendor": "Weston Embedded", "product": "uC-TCP-IP", "versions": [{"version": "v3.06.01", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A double-free vulnerability exists in the IP header loopback parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted set of network packets can lead to memory corruption, potentially resulting in code execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-415: Double Free", "type": "CWE", "cweId": "CWE-415"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.7, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-02-20T18:00:11.491Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1829", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1829"}], "credits": [{"lang": "en", "value": "Discovered by Kelly Patterson of Cisco Talos."}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:46:55.845Z"}, "title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1829", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1829", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "weston-embedded", "product": "uc-tcp-ip", "cpes": ["cpe:2.3:a:weston-embedded:uc-tcp-ip:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.06.01", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-21T14:03:15.279640Z", "id": "CVE-2023-38562", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-21T14:08:48.788Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1829", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1829", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:46:55.845Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-38562", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-21T14:03:15.279640Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:weston-embedded:uc-tcp-ip:*:*:*:*:*:*:*:*"], "vendor": "weston-embedded", "product": "uc-tcp-ip", "versions": [{"status": "affected", "version": "3.06.01"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-21T14:08:12.203Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by Kelly Patterson of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Weston Embedded", "product": "uC-TCP-IP", "versions": [{"status": "affected", "version": "v3.06.01"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1829", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1829"}], "descriptions": [{"lang": "en", "value": "A double-free vulnerability exists in the IP header loopback parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted set of network packets can lead to memory corruption, potentially resulting in code execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-415", "description": "CWE-415: Double Free"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-02-20T18:00:11.491Z"}}}, "cveMetadata": {"cveId": "CVE-2023-38562", "state": "PUBLISHED", "dateUpdated": "2024-08-21T14:08:48.788Z", "dateReserved": "2023-08-03T21:04:53.424Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2024-02-20T14:45:02.733Z", "assignerShortName": "talos"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:weston-embedded:uc-tcp-ip:3.06.01:*:*:*:*:*:*:*", "matchCriteriaId": "27A185C2-4CE9-475C-B0F8-F48EFF1CAEFF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A double-free vulnerability exists in the IP header loopback parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted set of network packets can lead to memory corruption, potentially resulting in code execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de doble liberaci\u00f3n en la funcionalidad de an\u00e1lisis de bucle invertido del encabezado IP de Weston Embedded uC-TCP-IP v3.06.01. Un conjunto de paquetes de red especialmente manipulado puede provocar da\u00f1os en la memoria, lo que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo. Un atacante puede enviar una secuencia de paquetes no autenticados para desencadenar esta vulnerabilidad."}], "id": "CVE-2023-38562", "lastModified": "2025-02-12T18:51:08.283", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.8, "source": "talos-cna@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-20T15:15:08.020", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1829"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1829"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}

{}