Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Re: Buffer Overflow in graphviz via via a crafted config6a file

Related Vulnerabilities: CVE-2023-46045  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->
<a href="/fulldisclosure/"><img src="/images/fulldisclosure-logo.png" class="l-logo right" alt="fulldisclosure logo" width="80"></a>
<h2 class="m-list"><a href="/fulldisclosure/">Full Disclosure</a>
mailing list archives</h2>
<!--X-User-Header-End-->
<!--X-TopPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="74"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#73">By Date</a>
<a href=""><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="62"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#73">By Thread</a>
<a href="63"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<form class="nst-search center" action="/search/fulldisclosure">
<input class="nst-search-q" name="q" type="search" placeholder="List Archive Search">
<button class="nst-search-button" title="Search">
<img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search">
</button>
</form>

</div>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<h1 class="m-title">Re: Buffer Overflow in graphviz via via a crafted config6a file</h1>
<hr>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->


<em>From</em>: Matthew Fernandez &lt;matthew.fernandez () gmail com&gt;


<em>Date</em>: Sat, 27 Jan 2024 10:15:40 +1100


<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<hr>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<pre style="margin: 0em;">

On 1/20/24 15:07, Meng Ruijie wrote:
</pre><blockquote style="border-left: #5555EE solid 0.2em; margin: 0em; padding-left: 0.85em"><pre style="margin: 0em;">[Vulnerability description]
Buffer Overflow vulnerability in graphviz v.2.43.0 allows a remote attacker to execute arbitrary code via a crafted 
config6a file.

[Vulnerability Type]
Buffer Overflow
</pre></blockquote><pre style="margin: 0em;">
More specifically, this issue is an out-of-bounds read.

</pre><blockquote style="border-left: #5555EE solid 0.2em; margin: 0em; padding-left: 0.85em"><pre style="margin: 0em;">[Vendor of Product]
graphviz

[Affected Product Code Base]
graphviz - 2.43.0
</pre></blockquote><pre style="margin: 0em;">
</pre><tt>AFAICT the issue was actually introduced in Graphviz 2.36. It was fixed 
</tt><tt>in commit a95f977f5d809915ec4b14836d2b5b7f5e74881e (essentially 
</tt><tt>reverting cf95714837f06f684929b54659523c2c9b1fc19f that introduced the 
</tt><tt>issue), but there has been no release yet since then. The next release 
</tt><tt>will be 10.0.0. So affected versions would be [2.36, 10.0.0).
</tt><pre style="margin: 0em;">
</pre><tt>To exploit this issue, you need to modify a typically-root-owned file. I 
</tt><tt>am not suggesting it is hard to exploit, but see my remarks below.
</tt><pre style="margin: 0em;">
</pre><blockquote style="border-left: #5555EE solid 0.2em; margin: 0em; padding-left: 0.85em"><pre style="margin: 0em;">[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-46045 to this 
vulnerability.
</pre></blockquote><pre style="margin: 0em;">
</pre><tt>Why was this issue gifted a CVE? If you want an out-of-bounds access in 
</tt><tt>Graphviz, there is much lower hanging fruit.
</tt><pre style="margin: 0em;">
</pre><tt>As Alan Coopersmith has noted in a separate thread,¹ this stream of 
</tt><tt>issues seems to have been bulk-created without much analysis. The CVE 
</tt><tt>details still appear to be RESERVED in NVD. The Graphviz maintainers do 
</tt><tt>not intend to contest this CVE, but I expect the details to be 
</tt><tt>inaccurate when released as I’ve noted above.
</tt><pre style="margin: 0em;">
¹ <a rel="nofollow" href="https://seclists.org/oss-sec/2024/q1/59">https://seclists.org/oss-sec/2024/q1/59</a>
_______________________________________________
Sent through the Full Disclosure mailing list
<a rel="nofollow" href="https://nmap.org/mailman/listinfo/fulldisclosure">https://nmap.org/mailman/listinfo/fulldisclosure</a>
Web Archives &amp; RSS: <a rel="nofollow" href="https://seclists.org/fulldisclosure/">https://seclists.org/fulldisclosure/</a></pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="74"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#73">By Date</a>
<a href=""><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="62"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#73">By Thread</a>
<a href="63"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
</div>
<h3 class="m-thread">Current thread:</h3>
<ul class="thread">
<li><a name="62" href="62">Buffer Overflow in graphviz via via a crafted config6a file</a> <em>Meng Ruijie (Jan 26)</em>
<ul>
<li><strong>Re: Buffer Overflow in graphviz via via a crafted config6a file</strong> <em>Matthew Fernandez (Jan 27)</em>
</li>
</ul>
</li>
</ul>


<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started