{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-38127", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2023-07-17T21:54:43.843Z", "datePublished": "2023-10-19T17:00:43.288Z", "dateUpdated": "2023-10-20T17:00:06.976Z"}, "containers": {"cna": {"affected": [{"vendor": "Ichitaro 2023", "product": "Ichitaro 2023", "versions": [{"version": "1.0.1.59372", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An integer overflow exists in the \"HyperLinkFrame\" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause the parser to make an under-sized allocation, which can later allow for memory corruption, potentially resulting in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-190: Integer Overflow or Wraparound", "type": "CWE", "cweId": "CWE-190"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2023-10-20T17:00:06.976Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1808", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1808"}, {"url": "https://jvn.jp/en/jp/JVN28846531/index.html", "name": "https://jvn.jp/en/jp/JVN28846531/index.html"}], "credits": [{"lang": "en", "value": "Discovered by a member of Cisco Talos."}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:justsystems:easy_postcard_max:-:*:*:*:*:*:*:*", "matchCriteriaId": "D68E98B0-38CA-4148-825D-CF7C8AABB5BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystems:ichitaro_2021:-:*:*:*:*:*:*:*", "matchCriteriaId": "1755383C-2B74-4DD7-9C9B-DB19C12CA94D", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystems:ichitaro_2022:-:*:*:*:*:*:*:*", "matchCriteriaId": "1274E0AB-BDE0-45FB-B3A2-522E3AE4E41A", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystems:ichitaro_2023:1.0.1.59372:*:*:*:*:*:*:*", "matchCriteriaId": "15B1DC82-380D-4CF4-AF35-4AF2A1CBF778", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystems:ichitaro_government_10:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A1C403A-6787-4347-AF6F-69F225944011", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*", "matchCriteriaId": "E401B098-6551-4101-9906-19C2AB7A5504", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystems:ichitaro_government_9:-:*:*:*:*:*:*:*", "matchCriteriaId": "65A56D02-7438-4319-BFD1-64FB11BC758C", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystems:ichitaro_pro_3:-:*:*:*:*:*:*:*", "matchCriteriaId": "36AE4633-5418-4009-B51D-4A1F542B1A88", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystems:ichitaro_pro_4:-:*:*:*:*:*:*:*", "matchCriteriaId": "21A4F85C-EA95-4853-9A8C-C3C9142243A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystems:ichitaro_pro_5:-:*:*:*:*:*:*:*", "matchCriteriaId": "76FAE0E6-1037-45AC-A277-8F32338A50AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystems:just_government_3:-:*:*:*:*:*:*:*", "matchCriteriaId": "552D41EF-A5DB-4ED0-B404-FF2649969B11", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystems:just_government_4:-:*:*:*:*:*:*:*", "matchCriteriaId": "1F61D3C1-0011-4D78-83F8-2349D46AFE59", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystems:just_government_5:-:*:*:*:*:*:*:*", "matchCriteriaId": "FC99A5A2-32B0-4F38-A2B1-FAC50A05FBEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystems:just_office_3:-:*:*:*:*:*:*:*", "matchCriteriaId": "7814DB96-4078-47B8-93B2-5066029B6F65", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystems:just_office_4:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D8E2A1A-7C06-491F-8A28-BE70EFCDDFFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystems:just_office_5:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD6F3523-7059-4591-9D04-97D287128D6E", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystems:just_police_3:-:*:*:*:*:*:*:*", "matchCriteriaId": "5ED46089-ED5B-4314-B079-A8932377475E", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystems:just_police_4:-:*:*:*:*:*:*:*", "matchCriteriaId": "C3B6B97E-B202-4B1F-9B81-367CB7172DEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:justsystems:just_police_5:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B5D80C5-5821-416E-A3E3-ADC7F221B093", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An integer overflow exists in the \"HyperLinkFrame\" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause the parser to make an under-sized allocation, which can later allow for memory corruption, potentially resulting in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."}, {"lang": "es", "value": "Existe un desbordamiento de enteros en el analizador de flujo \"HyperLinkFrame\" de Ichitaro 2023 1.0.1.59372. Un documento especialmente manipulado puede hacer que el analizador realice una asignaci\u00f3n de tama\u00f1o insuficiente, lo que posteriormente puede permitir la corrupci\u00f3n de la memoria, lo que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede proporcionar un archivo malicioso para desencadenar esta vulnerabilidad."}], "id": "CVE-2023-38127", "lastModified": "2023-10-25T14:28:34.877", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2023-10-19T18:15:09.467", "references": [{"source": "talos-cna@cisco.com", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN28846531/index.html"}, {"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1808"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-190"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}

{}