Ashlar-Vellum Cobalt, Xenon, Argon, Lithium Out-of-bounds Write
CVE-2023-39427

7.8HIGH

Key Information:

Vendor: Ashlar-vellum
Status: Cobalt; Xen Projecton; Argon; Lithium
Vendor: CVE Published:; 26 October 2023

🔔 Create Ashlar-vellum Vulnerability Alert

What is CVE-2023-39427?

In specific Ashlar-Vellum applications, including Cobalt, Xenon, Argon, Lithium, and Cobalt Share, an out-of-bounds write vulnerability exists due to inadequate validation of user-supplied data while parsing XE files. This security flaw could enable an attacker to execute arbitrary code within the context of the affected process, posing significant risks to system integrity and confidentiality.

Affected Version(s)

Argon v12 SP0 Build (1204.77)

Cobalt v12 SP0 Build (1204.77)

Cobalt Share v12 SP0 Build (1204.77)

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-2...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 26, 2023
Vulnerability Reserved
Aug 10, 2023

Credit

Michael Heinzl reported these vulnerabilities to CISA