CVE-2023-0841 - OpenCVE

A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221087.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Gpac	Gpac

Configuration 1 [-]

cpe:2.3:a:gpac:gpac:2.3-dev-rev40-g3602a5ded:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/advisories/GHSA-w52x-cp47-xhhw
https://github.com/gpac/gpac/commit/851560e3dc8155d45ace4b0d77421f241ed71dc4
https://github.com/gpac/gpac/issues/2396
https://github.com/gpac/gpac/releases/tag/v2.2.1
https://github.com/qianshuidewajueji/poc/blob/main/gpac/mp3_dmx_process_poc3	Exploit
https://vuldb.com/?ctiid.221087	Permissions Required Third Party Advisory
https://vuldb.com/?id.221087	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: VulDB

Published: 2023-02-15T13:33:53.115Z

Updated: 2023-10-20T21:06:38.955Z

Reserved: 2023-02-15T13:33:07.194Z

Link: CVE-2023-0841

JSON object: View

NVD Information

Status : Modified

Published: 2023-02-15T14:15:13.283

Modified: 2024-05-28T21:15:43.983

Link: CVE-2023-0841

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-0841", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-02-15T13:33:07.194Z", "datePublished": "2023-02-15T13:33:53.115Z", "dateUpdated": "2023-10-20T21:06:38.955Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-20T21:06:38.955Z"}, "title": "GPAC reframe_mp3.c mp3_dmx_process heap-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-122", "lang": "en", "description": "CWE-122 Heap-based Buffer Overflow"}]}], "affected": [{"vendor": "n/a", "product": "GPAC", "versions": [{"version": "2.3-DEV-rev40-g3602a5ded", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221087."}, {"lang": "de", "value": "Eine Schwachstelle wurde in GPAC 2.3-DEV-rev40-g3602a5ded entdeckt. Sie wurde als kritisch eingestuft. Dies betrifft die Funktion mp3_dmx_process der Datei filters/reframe_mp3.c. Durch das Beeinflussen mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "timeline": [{"time": "2023-02-15T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-02-15T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-02-15T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-03-16T07:46:49.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "qianshuidewajueji (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.221087", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.221087", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/qianshuidewajueji/poc/blob/main/gpac/mp3_dmx_process_poc3", "tags": ["exploit"]}, {"url": "https://github.com/advisories/GHSA-w52x-cp47-xhhw"}, {"url": "https://github.com/gpac/gpac/releases/tag/v2.2.1"}, {"url": "https://github.com/gpac/gpac/commit/851560e3dc8155d45ace4b0d77421f241ed71dc4"}, {"url": "https://github.com/gpac/gpac/issues/2396"}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gpac:gpac:2.3-dev-rev40-g3602a5ded:*:*:*:*:*:*:*", "matchCriteriaId": "BF8AB1FE-492D-4281-B779-FD501A50998C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221087."}], "id": "CVE-2023-0841", "lastModified": "2024-05-28T21:15:43.983", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2023-02-15T14:15:13.283", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/advisories/GHSA-w52x-cp47-xhhw"}, {"source": "cna@vuldb.com", "url": "https://github.com/gpac/gpac/commit/851560e3dc8155d45ace4b0d77421f241ed71dc4"}, {"source": "cna@vuldb.com", "url": "https://github.com/gpac/gpac/issues/2396"}, {"source": "cna@vuldb.com", "url": "https://github.com/gpac/gpac/releases/tag/v2.2.1"}, {"source": "cna@vuldb.com", "tags": ["Exploit"], "url": "https://github.com/qianshuidewajueji/poc/blob/main/gpac/mp3_dmx_process_poc3"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.221087"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.221087"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-122"}], "source": "cna@vuldb.com", "type": "Secondary"}]}