CVE-2023-36746

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 8, 2024
Updated: Apr 9, 2024
CWE ID 119
CWE ID 787

Summary

CVE-2023-36746 is a buffer overflow vulnerability affecting GTKWave 3.3.115. Multiple heap-based issues are identified in the `fstReaderIterBlocks2` function's `fstWritex len` handling during time table parsing. A maliciously crafted .fst file can cause memory corruption, potentially leading to arbitrary code execution if a victim opens the malicious file. This security flaw puts users at risk, emphasizing the importance of updating GTKWave to a patched version.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share