CVE-2023-35959

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 8, 2024
Updated: Jan 11, 2024
CWE ID 78

Summary

CVE-2023-35959 is a vulnerability that affects GTKWave version 3.3.115 and is categorized as a high-severity OS command injection vulnerability. By opening a specially crafted wave file, an attacker can execute arbitrary commands on the victim's system. This vulnerability specifically targets the decompression functionality of .ghw files. The exploitability score is 1.8, indicating a relatively low level of difficulty for attackers to exploit this vulnerability. The base severity score is 7.8, with high impacts on integrity and confidentiality, as well as a required level of user interaction. It poses a significant danger to organizations that use GTKWave if they do not remediate it promptly.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-35959 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options