Denial of service in firecracker-microvm Versionize
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-28448 |
| CWE-ID | CWE-125 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Versionize Server applications / Frameworks for developing and running applications |
| Vendor | firecracker-microvm |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Out-of-bounds read
EUVDB-ID: #VU74175
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28448
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in the Versionize::deserialize implementation. A local attacker can trigger an out-of-bounds read error and cause a denial of service condition on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVersionize: 0.1.0 - 0.1.9
External linkshttp://github.com/firecracker-microvm/versionize/pull/53
http://github.com/firecracker-microvm/versionize/commit/a57a051ba006cfa3b41a0532f484df759e008d47
http://github.com/firecracker-microvm/versionize/security/advisories/GHSA-8vxc-r5wp-vgvc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
