CVE-2023-2617 - OpenCVE

A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-228547.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Opencv	Opencv

Configuration 1 [-]

cpe:2.3:a:opencv:opencv:*:*:*:*:*:*:*:*

References

Link	Resource
https://gist.github.com/GZTimeWalker/3ca70a8af2f5830711e9cccc73fb5270	Product
https://github.com/opencv/opencv_contrib/pull/3480	Issue Tracking Patch
https://vuldb.com/?ctiid.228547	Permissions Required
https://vuldb.com/?id.228547	Permissions Required

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: VulDB

Published: 2023-05-10T05:31:03.420Z

Updated: 2023-10-23T05:33:19.516Z

Reserved: 2023-05-10T05:06:27.204Z

Link: CVE-2023-2617

JSON object: View

NVD Information

Status : Modified

Published: 2023-05-10T06:15:16.853

Modified: 2024-05-17T02:23:05.400

Link: CVE-2023-2617

JSON object: View

Redhat Information

No data.

CWE

CWE-476

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-2617", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-05-10T05:06:27.204Z", "datePublished": "2023-05-10T05:31:03.420Z", "dateUpdated": "2023-10-23T05:33:19.516Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-23T05:33:19.516Z"}, "title": "OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeByteSegment null pointer dereference", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-476", "lang": "en", "description": "CWE-476 NULL Pointer Dereference"}]}], "affected": [{"vendor": "OpenCV", "product": "wechat_qrcode Module", "versions": [{"version": "4.0", "status": "affected"}, {"version": "4.1", "status": "affected"}, {"version": "4.2", "status": "affected"}, {"version": "4.3", "status": "affected"}, {"version": "4.4", "status": "affected"}, {"version": "4.5", "status": "affected"}, {"version": "4.6", "status": "affected"}, {"version": "4.7", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-228547."}, {"lang": "de", "value": "In OpenCV wechat_qrcode Module bis 4.7.0 wurde eine problematische Schwachstelle entdeckt. Betroffen ist die Funktion DecodedBitStreamParser::decodeByteSegment der Datei qrcode/decoder/decoded_bit_stream_parser.cpp. Dank der Manipulation mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "timeline": [{"time": "2023-05-10T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-05-10T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-05-10T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-06-02T07:45:57.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Haoyu Chen", "type": "finder"}, {"lang": "en", "value": "Linkai Zheng", "type": "finder"}, {"lang": "en", "value": "Liangyu Zhang", "type": "finder"}, {"lang": "en", "value": "NanoApe (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.228547", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.228547", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/opencv/opencv_contrib/pull/3480", "tags": ["issue-tracking", "patch"]}, {"url": "https://gist.github.com/GZTimeWalker/3ca70a8af2f5830711e9cccc73fb5270", "tags": ["exploit"]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opencv:opencv:*:*:*:*:*:*:*:*", "matchCriteriaId": "C972C011-33EA-4902-BECD-9D822FECB047", "versionEndIncluding": "4.7.0", "versionStartIncluding": "4.5.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-228547."}], "id": "CVE-2023-2617", "lastModified": "2024-05-17T02:23:05.400", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2023-05-10T06:15:16.853", "references": [{"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://gist.github.com/GZTimeWalker/3ca70a8af2f5830711e9cccc73fb5270"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/opencv/opencv_contrib/pull/3480"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required"], "url": "https://vuldb.com/?ctiid.228547"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required"], "url": "https://vuldb.com/?id.228547"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-476"}], "source": "cna@vuldb.com", "type": "Secondary"}]}