CVE-2023-36746

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 8, 2024

Updated: Apr 9, 2024

CWE ID 119

CWE ID 787

Summary

CVE-2023-36746 is a buffer overflow vulnerability affecting GTKWave 3.3.115. Multiple heap-based issues are identified in the `fstReaderIterBlocks2` function's `fstWritex len` handling during time table parsing. A maliciously crafted .fst file can cause memory corruption, potentially leading to arbitrary code execution if a victim opens the malicious file. This security flaw puts users at risk, emphasizing the importance of updating GTKWave to a patched version.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ry0Rtt
https://www.cve.org/CVERecord?id=CVE-2023-36746
https://nvd.nist.gov/vuln/detail/CVE-2023-36746

Back to Vulnerability Database

CVE-2023-36746

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations