CVE-2023-46045
Public on 2024-01-29
Modified on 2024-02-02
Description
buffer overflow via a crafted config6a file
NOTE: Crosses no security boundary, config files are under local control
NOTE: https://gitlab.com/graphviz/graphviz/-/issues/2441
NOTE: Introduced by: https://gitlab.com/graphviz/graphviz/-/commit/cf95714837f06f684929b54659523c2c9b1fc19f (2.38.0)
NOTE: Fixed by: https://gitlab.com/graphviz/graphviz/-/commit/361f274ca901c3c476697a6404662d95f4dd43cb
NOTE: Fixed by: https://gitlab.com/graphviz/graphviz/-/commit/3f31704cafd7da3e86bb2861accf5e90c973e62a
NOTE: Fixed by: https://gitlab.com/graphviz/graphviz/-/commit/a95f977f5d809915ec4b14836d2b5b7f5e74881e
NOTE: Crosses no security boundary, config files are under local control
NOTE: https://gitlab.com/graphviz/graphviz/-/issues/2441
NOTE: Introduced by: https://gitlab.com/graphviz/graphviz/-/commit/cf95714837f06f684929b54659523c2c9b1fc19f (2.38.0)
NOTE: Fixed by: https://gitlab.com/graphviz/graphviz/-/commit/361f274ca901c3c476697a6404662d95f4dd43cb
NOTE: Fixed by: https://gitlab.com/graphviz/graphviz/-/commit/3f31704cafd7da3e86bb2861accf5e90c973e62a
NOTE: Fixed by: https://gitlab.com/graphviz/graphviz/-/commit/a95f977f5d809915ec4b14836d2b5b7f5e74881e
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | graphviz | No Fix Planned | ||
| Amazon Linux 2 - Core | graphviz | Not Affected | ||
| Amazon Linux 2023 | graphviz | 2024-02-15 | ALAS2023-2024-527 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 4.2 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H |
| NVD | CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |