{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-40897", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2024-07-12T07:12:22.373Z", "datePublished": "2024-07-26T06:03:23.768Z", "dateUpdated": "2024-08-02T04:39:54.855Z"}, "containers": {"cna": {"affected": [{"vendor": "GStreamer", "product": "ORC", "versions": [{"version": "prior to 0.4.39", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments."}], "problemTypes": [{"descriptions": [{"description": "Stack-based buffer overflow", "lang": "en", "type": "text"}]}], "references": [{"url": "https://github.com/GStreamer/orc"}, {"url": "https://gstreamer.freedesktop.org/modules/orc.html"}, {"url": "https://jvn.jp/en/jp/JVN02030803/"}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/26/1"}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-07-26T06:03:23.768Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "CWE-121 Stack-based Buffer Overflow"}]}], "affected": [{"vendor": "gstreamer", "product": "orc", "cpes": ["cpe:2.3:a:gstreamer:orc:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "0.4.39", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-26T13:59:16.020539Z", "id": "CVE-2024-40897", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-26T14:03:38.937Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:54.855Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/GStreamer/orc", "tags": ["x_transferred"]}, {"url": "https://gstreamer.freedesktop.org/modules/orc.html", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN02030803/", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/26/1", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/GStreamer/orc", "tags": ["x_transferred"]}, {"url": "https://gstreamer.freedesktop.org/modules/orc.html", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN02030803/", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/26/1", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:54.855Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-40897", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-26T13:59:16.020539Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:gstreamer:orc:*:*:*:*:*:*:*:*"], "vendor": "gstreamer", "product": "orc", "versions": [{"status": "affected", "version": "0", "lessThan": "0.4.39", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-26T14:00:08.123Z"}}], "cna": {"affected": [{"vendor": "GStreamer", "product": "ORC", "versions": [{"status": "affected", "version": "prior to 0.4.39"}]}], "references": [{"url": "https://github.com/GStreamer/orc"}, {"url": "https://gstreamer.freedesktop.org/modules/orc.html"}, {"url": "https://jvn.jp/en/jp/JVN02030803/"}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/26/1"}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Stack-based buffer overflow"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-07-26T06:03:23.768Z"}}}, "cveMetadata": {"cveId": "CVE-2024-40897", "state": "PUBLISHED", "dateUpdated": "2024-08-02T04:39:54.855Z", "dateReserved": "2024-07-12T07:12:22.373Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2024-07-26T06:03:23.768Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gstreamer:orc:*:*:*:*:*:*:*:*", "matchCriteriaId": "225518F5-6BD6-4014-ACE0-6A2B50088872", "versionEndExcluding": "0.4.39", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments."}, {"lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en orcparse.c de versiones de ORC anteriores a la 0.4.39. Si se enga\u00f1a a un desarrollador para que procese un archivo especialmente manipulado con el compilador ORC afectado, se puede ejecutar un c\u00f3digo arbitrario en el entorno de compilaci\u00f3n del desarrollador. Esto puede poner en peligro las m\u00e1quinas de desarrollo o los entornos de compilaci\u00f3n de CI."}], "id": "CVE-2024-40897", "lastModified": "2024-08-27T13:52:53.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-07-26T06:15:02.290", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2024/07/26/1"}, {"source": "vultures@jpcert.or.jp", "tags": ["Product"], "url": "https://github.com/GStreamer/orc"}, {"source": "vultures@jpcert.or.jp", "tags": ["Product"], "url": "https://gstreamer.freedesktop.org/modules/orc.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN02030803/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-121"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:5306", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "orc-0:0.4.28-4.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5882", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "orc-0:0.4.28-4.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-08-27T00:00:00Z"}, {"advisory": "RHSA-2024:6159", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "orc-0:0.4.28-4.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6159", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "orc-0:0.4.28-4.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6159", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "orc-0:0.4.28-4.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6184", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "orc-0:0.4.31-7.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:5629", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "orc-0:0.4.31-7.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-08-20T00:00:00Z"}, {"advisory": "RHSA-2024:5638", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "orc-0:0.4.31-7.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-08-20T00:00:00Z"}], "bugzilla": {"description": "orc: Stack-based buffer overflow vulnerability in ORC", "id": "2300010", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300010"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "details": ["Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-40897", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "orc", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2024-07-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-40897\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-40897\nhttps://github.com/GStreamer/orc\nhttps://gstreamer.freedesktop.org/modules/orc.html\nhttps://jvn.jp/en/jp/JVN02030803/"], "threat_severity": "Moderate"}