CVE-2023-31194

Опубликовано: 05 июл. 2023

Источник: nvd

CVSS3: 5.3

CVSS3: 7.8

EPSS Низкий

Описание

An improper array index validation vulnerability exists in the GraphPlanar::Write functionality of Diagon v1.0.139. A specially crafted markdown file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1745
Exploit
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1745
Exploit
Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1745

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:diagon_project:diagon:1.0.139:*:*:*:*:*:*:*

EPSS

Процентиль: 18%

0.00058

Низкий

5.3 Medium

CVSS3

7.8 High

CVSS3

Дефекты

CWE-119

CWE-129

Связанные уязвимости

GHSA-f74j-v9xm-xxwc

CVSS3: 4

github

больше 2 лет назад

An access violation vulnerability exists in the GraphPlanar::Write functionality of Diagon v1.0.139. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger this vulnerability.

EPSS

Процентиль: 18%

0.00058

Низкий

5.3 Medium

CVSS3

7.8 High

CVSS3

Дефекты

CWE-119

CWE-129