CVE-2023-2226

Severity CVSS v4.0:

Pending analysis

Type:

CWE-125 Out-of-bounds Read

Publication date:

21/04/2023

Last modified:

03/05/2023

Description

Due to insufficient validation in the PE and OLE parsers in Rapid7&#39;s Velociraptor versions earlier than 0.6.8 allows attacker to crash Velociraptor during parsing of maliciously malformed files. <br /> <br /> For this attack to succeed, the attacker needs to be able to introduce malicious files to the system at the same time that Velociraptor attempts to collect any artifacts that attempt to parse PE files, Authenticode signatures, or OLE files. After crashing, the Velociraptor service will restart and it will still be possible to collect other artifacts.<br /> <br />

Impact

Vector 3.x

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS v3.1 Severity and Metrics:

Base Score: 5.30 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): Low

Base Score 3.x

5.30

Severity 3.x

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:rapid7:velociraptor::::::::		0.6.8 (excluding)

To consult the complete list of CPE names with products and versions, see this page

References to Advisories, Solutions, and Tools

https://github.com/Velocidex/velociraptor