{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-43641", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-09-20T15:35:38.146Z", "datePublished": "2023-10-09T21:01:04.603Z", "dateUpdated": "2024-08-02T19:44:43.840Z"}, "containers": {"cna": {"title": "libcue vulnerable to out-of-bounds array access", "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "lang": "en", "description": "CWE-787: Out-of-bounds Write", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/", "tags": ["x_refsource_CONFIRM"], "url": "https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/"}, {"name": "https://github.com/lipnitsk/libcue/security/advisories/GHSA-5982-x7hv-r9cj", "tags": ["x_refsource_MISC"], "url": "https://github.com/lipnitsk/libcue/security/advisories/GHSA-5982-x7hv-r9cj"}, {"name": "https://github.com/lipnitsk/libcue/commit/cfb98a060fd79dbc3463d85f0f29c3c335dfa0ea", "tags": ["x_refsource_MISC"], "url": "https://github.com/lipnitsk/libcue/commit/cfb98a060fd79dbc3463d85f0f29c3c335dfa0ea"}, {"name": "https://github.com/lipnitsk/libcue/commit/fdf72c8bded8d24cfa0608b8e97f2eed210a920e", "tags": ["x_refsource_MISC"], "url": "https://github.com/lipnitsk/libcue/commit/fdf72c8bded8d24cfa0608b8e97f2eed210a920e"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/57JEYTRFG4PVGZZ7HIEFTX5I7OONFFMI/"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00018.html"}, {"url": "https://www.debian.org/security/2023/dsa-5524"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PGQOMFDBXGM3DOICCXKCUS76OTKTSPMN/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XUS4HTNGGGUIFLYSKTODCRIOXLX5HGV3/"}, {"url": "http://packetstormsecurity.com/files/176128/libcue-2.2.1-Out-Of-Bounds-Access.html"}], "affected": [{"vendor": "lipnitsk", "product": "libcue", "versions": [{"version": "<= 2.2.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-10-11T16:03:44.394Z"}, "descriptions": [{"lang": "en", "value": "libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0."}], "source": {"advisory": "GHSA-345j-mp2x-2x7w", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-43641", "role": "CISA Coordinator", "options": [{"Exploitation": "PoC"}, {"Automatable": "No"}, {"Technical Impact": "Total"}], "version": "2.0.3", "timestamp": "2024-05-14T04:00:17.227655Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:lipnitsk:libcue:-:*:*:*:*:*:*:*"], "vendor": "lipnitsk", "product": "libcue", "versions": [{"status": "affected", "version": "-", "lessThan": "<= 2.2.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:25:56.402Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:44:43.840Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/"}, {"name": "https://github.com/lipnitsk/libcue/security/advisories/GHSA-5982-x7hv-r9cj", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/lipnitsk/libcue/security/advisories/GHSA-5982-x7hv-r9cj"}, {"name": "https://github.com/lipnitsk/libcue/commit/cfb98a060fd79dbc3463d85f0f29c3c335dfa0ea", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/lipnitsk/libcue/commit/cfb98a060fd79dbc3463d85f0f29c3c335dfa0ea"}, {"name": "https://github.com/lipnitsk/libcue/commit/fdf72c8bded8d24cfa0608b8e97f2eed210a920e", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/lipnitsk/libcue/commit/fdf72c8bded8d24cfa0608b8e97f2eed210a920e"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/57JEYTRFG4PVGZZ7HIEFTX5I7OONFFMI/", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00018.html", "tags": ["x_transferred"]}, {"url": "https://www.debian.org/security/2023/dsa-5524", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PGQOMFDBXGM3DOICCXKCUS76OTKTSPMN/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XUS4HTNGGGUIFLYSKTODCRIOXLX5HGV3/", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/176128/libcue-2.2.1-Out-Of-Bounds-Access.html", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/", "name": "https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/lipnitsk/libcue/security/advisories/GHSA-5982-x7hv-r9cj", "name": "https://github.com/lipnitsk/libcue/security/advisories/GHSA-5982-x7hv-r9cj", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/lipnitsk/libcue/commit/cfb98a060fd79dbc3463d85f0f29c3c335dfa0ea", "name": "https://github.com/lipnitsk/libcue/commit/cfb98a060fd79dbc3463d85f0f29c3c335dfa0ea", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/lipnitsk/libcue/commit/fdf72c8bded8d24cfa0608b8e97f2eed210a920e", "name": "https://github.com/lipnitsk/libcue/commit/fdf72c8bded8d24cfa0608b8e97f2eed210a920e", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/57JEYTRFG4PVGZZ7HIEFTX5I7OONFFMI/", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00018.html", "tags": ["x_transferred"]}, {"url": "https://www.debian.org/security/2023/dsa-5524", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PGQOMFDBXGM3DOICCXKCUS76OTKTSPMN/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XUS4HTNGGGUIFLYSKTODCRIOXLX5HGV3/", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/176128/libcue-2.2.1-Out-Of-Bounds-Access.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:44:43.840Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-43641", "role": "CISA Coordinator", "options": [{"Exploitation": "PoC"}, {"Automatable": "No"}, {"Technical Impact": "Total"}], "version": "2.0.3", "timestamp": "2024-05-14T04:00:17.227655Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:lipnitsk:libcue:-:*:*:*:*:*:*:*"], "vendor": "lipnitsk", "product": "libcue", "versions": [{"status": "affected", "version": "-", "lessThan": "<= 2.2.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-14T16:52:10.658Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "libcue vulnerable to out-of-bounds array access", "source": {"advisory": "GHSA-345j-mp2x-2x7w", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "lipnitsk", "product": "libcue", "versions": [{"status": "affected", "version": "<= 2.2.1"}]}], "references": [{"url": "https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/", "name": "https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/lipnitsk/libcue/security/advisories/GHSA-5982-x7hv-r9cj", "name": "https://github.com/lipnitsk/libcue/security/advisories/GHSA-5982-x7hv-r9cj", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/lipnitsk/libcue/commit/cfb98a060fd79dbc3463d85f0f29c3c335dfa0ea", "name": "https://github.com/lipnitsk/libcue/commit/cfb98a060fd79dbc3463d85f0f29c3c335dfa0ea", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/lipnitsk/libcue/commit/fdf72c8bded8d24cfa0608b8e97f2eed210a920e", "name": "https://github.com/lipnitsk/libcue/commit/fdf72c8bded8d24cfa0608b8e97f2eed210a920e", "tags": ["x_refsource_MISC"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/57JEYTRFG4PVGZZ7HIEFTX5I7OONFFMI/"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00018.html"}, {"url": "https://www.debian.org/security/2023/dsa-5524"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PGQOMFDBXGM3DOICCXKCUS76OTKTSPMN/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XUS4HTNGGGUIFLYSKTODCRIOXLX5HGV3/"}, {"url": "http://packetstormsecurity.com/files/176128/libcue-2.2.1-Out-Of-Bounds-Access.html"}], "descriptions": [{"lang": "en", "value": "libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-10-11T16:03:44.394Z"}}}, "cveMetadata": {"cveId": "CVE-2023-43641", "state": "PUBLISHED", "dateUpdated": "2024-08-02T19:44:43.840Z", "dateReserved": "2023-09-20T15:35:38.146Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-10-09T21:01:04.603Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lipnitsk:libcue:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA6D33B0-FEB7-4FF4-A14E-AEE786CE96E6", "versionEndExcluding": "2.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0."}, {"lang": "es", "value": "libcue proporciona una API para analizar y extraer datos de hojas CUE. Las versiones 2.2.1 y anteriores son vulnerables al acceso a matrices fuera de los l\u00edmites. Un usuario del entorno de escritorio GNOME puede ser explotado descargando una hoja CUE de una p\u00e1gina web maliciosa. Debido a que el archivo se guarda en `~/Downloads`, los tracker-miners lo escanean autom\u00e1ticamente. Y debido a que tiene una extensi\u00f3n de nombre de archivo .cue, los tracker-miners usan libcue para analizar el archivo. El archivo explota la vulnerabilidad en libcue para obtener la ejecuci\u00f3n del c\u00f3digo. Este problema se solucion\u00f3 en la versi\u00f3n 2.3.0."}], "id": "CVE-2023-43641", "lastModified": "2023-12-09T19:15:07.813", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-10-09T22:15:12.707", "references": [{"source": "security-advisories@github.com", "url": "http://packetstormsecurity.com/files/176128/libcue-2.2.1-Out-Of-Bounds-Access.html"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/lipnitsk/libcue/commit/cfb98a060fd79dbc3463d85f0f29c3c335dfa0ea"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/lipnitsk/libcue/commit/fdf72c8bded8d24cfa0608b8e97f2eed210a920e"}, {"source": "security-advisories@github.com", "tags": ["Exploit"], "url": "https://github.com/lipnitsk/libcue/security/advisories/GHSA-5982-x7hv-r9cj"}, {"source": "security-advisories@github.com", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00018.html"}, {"source": "security-advisories@github.com", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/57JEYTRFG4PVGZZ7HIEFTX5I7OONFFMI/"}, {"source": "security-advisories@github.com", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PGQOMFDBXGM3DOICCXKCUS76OTKTSPMN/"}, {"source": "security-advisories@github.com", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XUS4HTNGGGUIFLYSKTODCRIOXLX5HGV3/"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5524"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "libcue: out-of-bounds array access leads to RCE", "id": "2243166", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243166"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0.", "A flaw was found in libcue, which is consumed by the tracker-miners application. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious web page, allowing remote code execution."], "name": "CVE-2023-43641", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "tracker-miners", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "tracker-miners", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "tracker-miners", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-10-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-43641\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-43641\nhttps://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/"], "statement": "The libcue library is disabled in Red Hat builds of the tracker-miners package making Red Hat Enterprise Linux 7, 8 and 9 not affected by this vulnerability.", "threat_severity": "Important"}