Heap-Based Buffer Overflow in Ashlar-Vellum Cobalt from Ashlar-Vellum
CVE-2023-40222
8.4 HIGH
What is CVE-2023-40222?
Ashlar-Vellum Cobalt prior to version 12 SP2 Build (1204.200) does not properly validate user-supplied data when parsing CO files. This flaw can trigger a heap-based buffer overflow, which an attacker could exploit to execute arbitrary code in the context of the running process.
Affected Version(s)
Argon 0
Cobalt 0
Cobalt Share 0
References
CVSS V4
Score: 8.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Michael Heinzl reported these vulnerabilities to CISA.