Lucene search

TalosCVE-2023-38127

HistoryOct 19, 2023 - 6:15 p.m.

CVE-2023-38127

2023-10-1918:15:09

CWE-190

talos

web.nvd.nist.gov

cve-2023-38127

ichitaro

stream parser

integer overflow

memory corruption

arbitrary code execution

nvd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0.001

Percentile

51.2%

JSON

An integer overflow exists in the “HyperLinkFrame” stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause the parser to make an under-sized allocation, which can later allow for memory corruption, potentially resulting in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Affected configurations

Nvd

Vulners

Node

justsystemseasy_postcard_maxMatch-

justsystemsichitaro_2021Match-

justsystemsichitaro_2022Match-

justsystemsichitaro_2023Match1.0.1.59372

justsystemsichitaro_government_10Match-

justsystemsichitaro_government_8Match-

justsystemsichitaro_government_9Match-

justsystemsichitaro_pro_3Match-

justsystemsichitaro_pro_4Match-

justsystemsichitaro_pro_5Match-

justsystemsjust_government_3Match-

justsystemsjust_government_4Match-

justsystemsjust_government_5Match-

justsystemsjust_office_3Match-

justsystemsjust_office_4Match-

justsystemsjust_office_5Match-

justsystemsjust_police_3Match-

justsystemsjust_police_4Match-

justsystemsjust_police_5Match-

VendorProductVersionCPE
justsystemseasy_postcard_max-cpe:2.3:a:justsystems:easy_postcard_max:-:*:*:*:*:*:*:*
justsystemsichitaro_2021-cpe:2.3:a:justsystems:ichitaro_2021:-:*:*:*:*:*:*:*
justsystemsichitaro_2022-cpe:2.3:a:justsystems:ichitaro_2022:-:*:*:*:*:*:*:*
justsystemsichitaro_20231.0.1.59372cpe:2.3:a:justsystems:ichitaro_2023:1.0.1.59372:*:*:*:*:*:*:*
justsystemsichitaro_government_10-cpe:2.3:a:justsystems:ichitaro_government_10:-:*:*:*:*:*:*:*
justsystemsichitaro_government_8-cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*
justsystemsichitaro_government_9-cpe:2.3:a:justsystems:ichitaro_government_9:-:*:*:*:*:*:*:*
justsystemsichitaro_pro_3-cpe:2.3:a:justsystems:ichitaro_pro_3:-:*:*:*:*:*:*:*
justsystemsichitaro_pro_4-cpe:2.3:a:justsystems:ichitaro_pro_4:-:*:*:*:*:*:*:*
justsystemsichitaro_pro_5-cpe:2.3:a:justsystems:ichitaro_pro_5:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
justsystems	easy_postcard_max	-	cpe:2.3:a:justsystems:easy_postcard_max:-:::::::*
justsystems	ichitaro_2021	-	cpe:2.3:a:justsystems:ichitaro_2021:-:::::::*
justsystems	ichitaro_2022	-	cpe:2.3:a:justsystems:ichitaro_2022:-:::::::*
justsystems	ichitaro_2023	1.0.1.59372	cpe:2.3:a:justsystems:ichitaro_2023:1.0.1.59372:::::::*
justsystems	ichitaro_government_10	-	cpe:2.3:a:justsystems:ichitaro_government_10:-:::::::*
justsystems	ichitaro_government_8	-	cpe:2.3:a:justsystems:ichitaro_government_8:-:::::::*
justsystems	ichitaro_government_9	-	cpe:2.3:a:justsystems:ichitaro_government_9:-:::::::*
justsystems	ichitaro_pro_3	-	cpe:2.3:a:justsystems:ichitaro_pro_3:-:::::::*
justsystems	ichitaro_pro_4	-	cpe:2.3:a:justsystems:ichitaro_pro_4:-:::::::*
justsystems	ichitaro_pro_5	-	cpe:2.3:a:justsystems:ichitaro_pro_5:-:::::::*

Rows per page:

1-10 of 191

CNA Affected

[
  {
    "vendor": "Ichitaro 2023",
    "product": "Ichitaro 2023",
    "versions": [
      {
        "version": "1.0.1.59372",
        "status": "affected"
      }
    ]
  }
]