CVE-2023-40295

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 14, 2023
Updated: Aug 21, 2023
CWE ID 787

Summary

CVE-2023-40295 is a newly disclosed vulnerability affecting the libboron library in Boron 2.0.8. The issue is a heap-based buffer overflow in the ur_strInitUtf8 function in string.c. An attacker can exploit it by sending maliciously crafted input to a vulnerable application, resulting in arbitrary code execution or a denial-of-service condition. Successful exploitation could lead to system compromise and data loss. Users are encouraged to update their Boron installations to a patched version as soon as possible.
