Heap-based buffer overflow in exfatprogs - CVE-2023-45897
Published: November 18, 2023
Vulnerability identifier: #VU83260
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-45897
CWE-ID: CWE-122
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: exfatprogs
Affected software:
exfatprogs
exfatprogs
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when handling file names. A remote attacker can trick the victim to use the filesystem tools against a specially crafted file with an overly long file name, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
How to mitigate CVE-2023-45897
Install updates from vendor's website.
Sources
- https://github.com/exfatprogs/exfatprogs/commit/22d0e43e8d24119cbfc6efafabb0dec6517a86c4
- https://github.com/exfatprogs/exfatprogs/releases/tag/1.2.2
- https://github.com/exfatprogs/exfatprogs/commit/4abc55e976573991e6a1117bb2b3711e59da07ae
- https://github.com/exfatprogs/exfatprogs/commit/ec78688e5fb5a70e13df82b4c0da1e6228d3ccdf
- https://dfir.ru/2023/11/01/cve-2023-45897-a-vulnerability-in-the-linux-exfat-userspace-tools/