CVE-2023-2618 - OpenCVE

A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to memory leak. The attack may be launched remotely. The name of the patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-228548.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Opencv	Opencv

Configuration 1 [-]

cpe:2.3:a:opencv:opencv:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/opencv/opencv_contrib/pull/3484	Patch
https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6	Patch
https://vuldb.com/?ctiid.228548	Permissions Required
https://vuldb.com/?id.228548	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: VulDB

Published: 2023-05-10T05:31:04.406Z

Updated: 2023-10-23T05:34:32.672Z

Reserved: 2023-05-10T05:06:29.634Z

Link: CVE-2023-2618

JSON object: View

NVD Information

Status : Modified

Published: 2023-05-10T06:15:17.577

Modified: 2024-05-17T02:23:05.530

Link: CVE-2023-2618

JSON object: View

Redhat Information

No data.

CWE

CWE-401

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-2618", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-05-10T05:06:29.634Z", "datePublished": "2023-05-10T05:31:04.406Z", "dateUpdated": "2023-10-23T05:34:32.672Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-23T05:34:32.672Z"}, "title": "OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeHanziSegment memory leak", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-401", "lang": "en", "description": "CWE-401 Memory Leak"}]}], "affected": [{"vendor": "OpenCV", "product": "wechat_qrcode Module", "versions": [{"version": "4.0", "status": "affected"}, {"version": "4.1", "status": "affected"}, {"version": "4.2", "status": "affected"}, {"version": "4.3", "status": "affected"}, {"version": "4.4", "status": "affected"}, {"version": "4.5", "status": "affected"}, {"version": "4.6", "status": "affected"}, {"version": "4.7", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to memory leak. The attack may be launched remotely. The name of the patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-228548."}, {"lang": "de", "value": "Eine problematische Schwachstelle wurde in OpenCV wechat_qrcode Module bis 4.7.0 entdeckt. Betroffen davon ist die Funktion DecodedBitStreamParser::decodeHanziSegment der Datei qrcode/decoder/decoded_bit_stream_parser.cpp. Dank Manipulation mit unbekannten Daten kann eine memory leak-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Patch wird als 2b62ff6181163eea029ed1cab11363b4996e9cd6 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "timeline": [{"time": "2023-05-10T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-05-10T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-05-10T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-06-02T07:57:43.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Linkai Zheng", "type": "finder"}, {"lang": "en", "value": "NanoApe (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.228548", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.228548", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/opencv/opencv_contrib/pull/3484", "tags": ["issue-tracking"]}, {"url": "https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6", "tags": ["issue-tracking", "patch"]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opencv:opencv:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E48C61B-44A4-4B46-8B52-33F0DD50DB35", "versionEndExcluding": "4.8.0", "versionStartIncluding": "4.5.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to memory leak. The attack may be launched remotely. The name of the patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-228548."}], "id": "CVE-2023-2618", "lastModified": "2024-05-17T02:23:05.530", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2023-05-10T06:15:17.577", "references": [{"source": "cna@vuldb.com", "tags": ["Patch"], "url": "https://github.com/opencv/opencv_contrib/pull/3484"}, {"source": "cna@vuldb.com", "tags": ["Patch"], "url": "https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required"], "url": "https://vuldb.com/?ctiid.228548"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.228548"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "cna@vuldb.com", "type": "Primary"}]}