CVE-2023-39427
Published 2023-10-26
Priority P340 · high · 7.8 (CVSS 3.1)
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.20% (10.2th percentile)
In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12 SP0 Build (1204.77), the affected applications lack proper validation of user-supplied data when parsing XE files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ashlar-vellum | argon | — | — |
| ashlar-vellum | cobalt | — | — |
| ashlar-vellum | cobalt_share | — | — |
| ashlar-vellum | lithium | — | — |
| ashlar-vellum | xenon | — | — |
| ashlar | argon | < 12.4.1204.200 | 12.4.1204.200 |
| ashlar | cobalt | < 12.4.1204.200 | 12.4.1204.200 |
| ashlar | graphite | <= 13.0.48 | — |
| ashlar | lithium | < 12.4.1204.200 | 12.4.1204.200 |
| ashlar | xenon | < 12.4.1204.200 | 12.4.1204.200 |
CISA ICS
Ashlar-Vellum Cobalt, Graphite, Xenon, Argon, Lithium (Update A)
cisa_ics·2025-02-04·CVSS 7.8
[HIGH] Ashlar-Vellum Cobalt, Graphite, Xenon, Argon, Lithium (Update A)
ICS Advisory
## Ashlar-Vellum Cobalt, Graphite, Xenon, Argon, Lithium (Update A)
Last Revised: February 04, 2025
Alert Code: ICSA-23-299-03
## 1. EXECUTIVE SUMMARY
- CVSS v4 8.4
- ATTENTION: Low attack complexity
- Vendor: Ashlar-Vellum
- Equipment: Cobalt, Graphite, Xenon, Argon, Lithium, and Cobalt Share
- Vulnerabilities: Out-of-bounds Write, Heap-based Buffer Overflow, Out-of-Bounds Read
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following Ashlar-Vellum products are affected:
- Cobalt: Versions prior to v12 SP2 Build (1204.20
GHSA
GHSA-xxcp-3qr6-x6g4: In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12 SP0 Build (1204
ghsa_unreviewed·2023-10-26
CVE-2023-39427 [HIGH] CWE-787 GHSA-xxcp-3qr6-x6g4: In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12 SP0 Build (1204
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.