VDB
CVE-2023-33552
CVE-2023-33552
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Heap Buffer Overflow in the erofs_read_one_data function at data.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image.
EPSS 1.39% · 80.7th percentile
Risk Scores
CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
1.39%
80.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| erofs-utils_project | erofs-utils | 1.6, 1.6 |
| n/a | n/a | n/a, * |
Timeline
- Jun 1, 2023 CVE Published
- Jun 2, 2023 EPSS Score
- Jul 8, 2023 EPSS Score
- Aug 13, 2023 EPSS Score
- Sep 18, 2023 EPSS Score
- Nov 29, 2023 EPSS Score
- Jan 4, 2024 EPSS Score
- Feb 9, 2024 EPSS Score
- Mar 16, 2024 EPSS Score
- Apr 21, 2024 EPSS Score
- May 27, 2024 EPSS Score
- Jul 2, 2024 EPSS Score
References
- https://github.com/lometsj/blog_repo/issues/1 url
- FEDORA-2023-f838326992 vendor-advisory
- FEDORA-2023-aadd651a30 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-33552 advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHOIRL6XH5NYR3LYI3KP5DE4SDSQWR7W url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGGIYW7PHYQM2NPYCJPSPSLULLD2P2PE url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHOIRL6XH5NYR3LYI3KP5DE4SDSQWR7W url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGGIYW7PHYQM2NPYCJPSPSLULLD2P2PE url