CVE-2023-2789

CWE-404 | 5 documents | 5 sources
Severity: 7.5 HIGH
EPSS: 0.2% (top 62.80%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 18

Description

A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function func_body/parse_variable_declaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-229373 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Exploitability: 2.1 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5: gnu/cflow 1.7
NVD: gnu/cflow 1.7

🔴 Vulnerability Details (3)

GHSA: GHSA-h6vj-vg8j-jfqp: A vulnerability was found in GNU cflow 1 (2023-05-18)
OSV: CVE-2023-2789: A vulnerability was found in GNU cflow 1 (2023-05-18)
CVEList: GNU cflow parser.c parse_variable_declaration denial of service (2023-05-18)

📋 Vendor Advisories (1)

Debian: CVE-2023-2789: cflow - A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. Th... (2023)