CVE-2023-35767

2023-11-0816:15:08

CWE-400

Perforce

web.nvd.nist.gov

helix core

dos

cve-2023-35767

nvd

jason geffner

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

33.0%

JSON

In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Jason Geffner.

Affected configurations

Nvd

Node

perforcehelix_coreRange<2023.2

VendorProductVersionCPE
perforcehelix_core*cpe:2.3:a:perforce:helix_core:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
perforce	helix_core	*	cpe:2.3:a:perforce:helix_core::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Helix Core",
    "vendor": "Helix",
    "versions": [
      {
        "lessThan": "2023.2",
        "status": "affected",
        "version": "0.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "2023.1 Patch 2",
        "status": "affected",
        "version": "0.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "2022.2 Patch 3",
        "status": "affected",
        "version": "0.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "2022.1 Patch 6",
        "status": "affected",
        "version": "0.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "2021.2 Patch 10",
        "status": "affected",
        "version": "0.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Helix Swarm",
    "vendor": "Helix ",
    "versions": [
      {
        "lessThan": "2024.1 ",
        "status": "affected",
        "version": "0.0.0",
        "versionType": "semver"
      }
    ]
  }
]