CVE-2023-6656 - OpenCVE

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. It has been rated as critical. Affected by this issue is some unknown functionality of the file DFLIMG/DFLJPG.py. The manipulation leads to deserialization. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of this vulnerability is VDB-247364. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Iperov	Deepfacelab

Configuration 1 [-]

cpe:2.3:a:iperov:deepfacelab:df.wf.288res.384.92.72.22:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/bayuncao/vul-cve-1	Broken Link
https://vuldb.com/?ctiid.247364	Permissions Required
https://vuldb.com/?id.247364	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: VulDB

Published: 2023-12-10T20:31:04.738Z

Updated: 2024-02-13T07:26:17.510Z

Reserved: 2023-12-10T07:07:57.476Z

Link: CVE-2023-6656

JSON object: View

NVD Information

Status : Modified

Published: 2023-12-10T21:15:07.093

Modified: 2024-05-17T02:33:50.960

Link: CVE-2023-6656

JSON object: View

Redhat Information

No data.

CWE

CWE-502

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-6656", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-12-10T07:07:57.476Z", "datePublished": "2023-12-10T20:31:04.738Z", "dateUpdated": "2024-02-13T07:26:17.510Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-02-13T07:26:17.510Z"}, "title": "DeepFaceLab DFLJPG.py deserialization", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-502", "lang": "en", "description": "CWE-502 Deserialization"}]}], "affected": [{"vendor": "n/a", "product": "DeepFaceLab", "versions": [{"version": "pretrained DF.wf.288res.384.92.72.22", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. It has been rated as critical. Affected by this issue is some unknown functionality of the file DFLIMG/DFLJPG.py. The manipulation leads to deserialization. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of this vulnerability is VDB-247364. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "de", "value": "Eine kritische Schwachstelle wurde in DeepFaceLab pretrained DF.wf.288res.384.92.72.22 ausgemacht. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei DFLIMG/DFLJPG.py. Durch das Manipulieren mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "timeline": [{"time": "2023-12-10T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-12-10T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-12-10T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-01-01T10:04:53.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "bayuncao (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.247364", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.247364", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/bayuncao/vul-cve-1", "tags": ["broken-link"]}], "tags": ["unsupported-when-assigned"]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:iperov:deepfacelab:df.wf.288res.384.92.72.22:*:*:*:*:*:*:*", "matchCriteriaId": "F080F016-24B8-4DFE-9592-D049AAAFBB54", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. It has been rated as critical. Affected by this issue is some unknown functionality of the file DFLIMG/DFLJPG.py. The manipulation leads to deserialization. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of this vulnerability is VDB-247364. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "es", "value": "** NO SOPORTADO CUANDO SE ASIGN\u00d3 ** Se encontr\u00f3 una vulnerabilidad en DF.wf.288res.384.92.72.22 previamente entrenado en DeepFaceLab. Ha sido calificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo DFLIMG/DFLJPG.py es afectada por este problema. La manipulaci\u00f3n conduce a la deserializaci\u00f3n. El ataque puede lanzarse de forma remota. La complejidad de un ataque es bastante alta. Se sabe que la explotaci\u00f3n es dif\u00edcil. El identificador de esta vulnerabilidad es VDB-247364. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante."}], "id": "CVE-2023-6656", "lastModified": "2024-05-17T02:33:50.960", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2023-12-10T21:15:07.093", "references": [{"source": "cna@vuldb.com", "tags": ["Broken Link"], "url": "https://github.com/bayuncao/vul-cve-1"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required"], "url": "https://vuldb.com/?ctiid.247364"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.247364"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "cna@vuldb.com", "type": "Primary"}]}