VDB
CVE-2023-43621
CVE-2023-43621
PUBLISHED
An issue was discovered in Croc through 9.6.5. The shared secret, located on a command line, can be read by local users who list all processes and their arguments.
EPSS 0.03% · 9.9th percentile
Risk Scores
EPSS Score
0.03%
9.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| github.com | schollz/croc/v9 | 0 |
| schollz | croc | 0 |
Timeline
- Sep 20, 2023 CVE Published
- Sep 21, 2023 CVE Updated
- Sep 22, 2023 EPSS Score
- Oct 24, 2023 EPSS Score
- Nov 25, 2023 EPSS Score
- Dec 27, 2023 EPSS Score
- Jan 28, 2024 EPSS Score
- Feb 29, 2024 EPSS Score
- Apr 1, 2024 EPSS Score
- May 3, 2024 EPSS Score
- Jun 4, 2024 EPSS Score
- Jul 6, 2024 EPSS Score
References
- https://www.openwall.com/lists/oss-security/2023/09/08/2 url
- https://github.com/schollz/croc/issues/598 url
- [oss-security] 20230921 Re: croc: multiple issues in file sharing utility mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2023-43621 advisory
- https://github.com/schollz/croc/pull/701 url
- https://github.com/schollz/croc/commit/863dabb93a271f41b3431c4384357e1856a69533 url
- https://github.com/schollz/croc package