CVE-2023-38649

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 8, 2024
Updated: Apr 9, 2024
CWE ID 119
CWE ID 787

Summary

CVE-2023-38649 is a critical vulnerability affecting GTKWave 3.3.115. The issue lies in the vzt_rd_get_facname decompression functionality, which contains multiple out-of-bounds write vulnerabilities. A maliciously crafted .vzt file can exploit these weaknesses, resulting in arbitrary code execution. The vulnerability stems from an out-of-bounds string copy loop within the affected functionality. Successful exploitation requires a victim to open the malicious file.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share