Lucene search

Ubuntu.comUB:CVE-2024-23305

HistoryFeb 20, 2024 - 12:00 a.m.

CVE-2024-23305

2024-02-2000:00:00

ubuntu.com

brainvisionmarker parsing

biosig project

arbitrary code execution

vulnerability

unix platform

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

39.1%

JSON

An out-of-bounds write vulnerability exists in the BrainVisionMarker
Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master
Branch (ab0ee111). A specially crafted .vmrk file can lead to arbitrary
code execution. An attacker can provide a malicious file to trigger this
vulnerability.

OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchbiosig< anyUNKNOWN
ubuntu24.04noarchbiosig< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	22.04	noarch	biosig	< any	UNKNOWN
ubuntu	24.04	noarch	biosig	< any	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2024-23305

nvd.nist.gov/vuln/detail/CVE-2024-23305

security-tracker.debian.org/tracker/CVE-2024-23305

sourceforge.net/p/biosig/code/ci/76c1369de1a9a24feed558ab8834b4410310b07b/

talosintelligence.com/vulnerability_reports/TALOS-2024-1918

www.cve.org/CVERecord?id=CVE-2024-23305

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

39.1%

JSON

Related for UB:CVE-2024-23305