Heap-Based Buffer Overflow Vulnerability in V-Server and V-Server Lite by Fujie Electric
CVE-2023-47586

7.8HIGH

Key Information:

Vendor: Fuji Electric Co., Ltd. And Hakko Electronics Co., Ltd.
Status: V-server; V-server Lite
Vendor: CVE Published:; 15 November 2023

🔔 Create Fuji Electric Co., Ltd. And Hakko Electronics Co., Ltd. Vulnerability Alert

What is CVE-2023-47586?

Multiple heap-based buffer overflow vulnerabilities have been identified in V-Server versions prior to 4.0.18.0, as well as in V-Server Lite. When users open a specially crafted VPR file, these vulnerabilities could lead to the disclosure of sensitive information and the potential execution of arbitrary code, posing a significant risk to affected systems.

Affected Version(s)

V-Server V4.0.18.0 and earlier

V-Server Lite V4.0.18.0 and earlier

References

https://monitouch.fujielectric.com/site/download-e/03tell...

https://hakko-elec.co.jp/site/download/03tellus_inf/index...

https://jvn.jp/en/vu/JVNVU93840158/

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 15, 2023
Vulnerability Reserved
Nov 7, 2023