CVE-2023-38648

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 8, 2024

Updated: Apr 9, 2024

CWE ID 119

CWE ID 787

Summary

CVE-2023-38648 is a critical vulnerability affecting GTKWave 3.3.115. The issue lies in the vzt_rd_get_facname decompression functionality, where multiple out-of-bounds write vulnerabilities have been identified. A maliciously crafted .vzt file can exploit these vulnerabilities, resulting in arbitrary code execution. This occurs due to a prefix copy loop performing an out-of-bounds write. Users are advised to update their GTKWave installation as soon as possible to protect against potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sEuNsi
https://www.cve.org/CVERecord?id=CVE-2023-38648
https://nvd.nist.gov/vuln/detail/CVE-2023-38648

Back to Vulnerability Database

CVE-2023-38648

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations