Main Vulnerability Database Exploits ID:8997 - Exploit for Improper Control of Dynamically-Managed Code Resources in vm2 - CVE-2023-29199

ID:8997 - Exploit for Improper Control of Dynamically-Managed Code Resources in vm2 - CVE-2023-29199

Published: April 20, 2023

Vulnerability identifier: #VU75366

Vulnerability risk: Medium

CVE-ID: CVE-2023-29199

CWE-ID: CWE-913

Exploitation vector: Remote access

Vulnerable software:
vm2

Link to public exploit:

https://gist.github.com/leesh3288/f05730165799bf56d70391f3d9ea187c

Vulnerability description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to an error within the source code transformer. A remote user can bypass handleException() and leak unsanitized host exceptions. The obtain information can be used to escape the sandbox and run arbitrary code in host context.

Remediation

Install updates from vendor's website.

ID:8997 - Exploit for Improper Control of Dynamically-Managed Code Resources in vm2 - CVE-2023-29199

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human