CVE-2023-3494

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Aug 1, 2023

Updated: Aug 31, 2023

CWE ID 79

Summary

CVE-2023-3494 is a vulnerability affecting the fwctl driver in certain environments. The issue lies in the state machine implementation, which can cause a buffer overflow when a guest VM attempts to copy a string into a bhyve process' memory. Malicious software running within the guest VM can exploit this flaw to execute code in the bhyve userspace process, which usually operates with root privileges. However, the Capsicum sandbox mitigates this risk by limiting the capabilities of the bhyve process.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

ASUS

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rnbsB1
https://www.cve.org/CVERecord?id=CVE-2023-3494
https://nvd.nist.gov/vuln/detail/CVE-2023-3494

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

US Violent Extremists Likely Shifting Focus to Targeted Physical Threats in 2025

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Threats to the 2025 NATO Summit

Know What Matters

For Customers

For Partners

CVE-2023-3494

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations