Re: Buffer Overflow in graphviz via via a crafted config6a file
2024-2-21 14:9:12 Author: seclists.org

Full Disclosure mailing list archives


From: Matthew Fernandez <matthew.fernandez () gmail com>
Date: Wed, 14 Feb 2024 17:25:34 +1100



On 1/27/24 10:15, Matthew Fernandez wrote:
> On 1/20/24 15:07, Meng Ruijie wrote:
>> [Vulnerability description]
>> Buffer Overflow vulnerability in graphviz v.2.43.0 allows a remote attacker to execute arbitrary code via a crafted config6a file.
>>
>> [Vulnerability Type]
>> Buffer Overflow
>
> More specifically, this issue is an out-of-bounds read.
>
>> [Vendor of Product]
>> graphviz
>>
>> [Affected Product Code Base]
>> graphviz - 2.43.0
>
> AFAICT the issue was actually introduced in Graphviz 2.36. It was fixed in commit a95f977f5d809915ec4b14836d2b5b7f5e74881e (essentially reverting cf95714837f06f684929b54659523c2c9b1fc19f that introduced the issue), but there has been no release yet since then. The next release will be 10.0.0. So affected versions would be [2.36, 10.0.0).

The fix for this ended up landing in Graphviz 10.0.1, available at https://graphviz.org/download/.

Details of this CVE (CVE-2023-46045) are now published, but the CPEs are incomplete. For those who track such things, the affected range is [2.36.0, 10.0.1).
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/


Source: https://seclists.org/fulldisclosure/2024/Feb/24