CVE-2023-30187: 
ONLYOFFICE DocumentServer vulnerability analysis and mitigation

An out of bounds memory access vulnerability was discovered in ONLYOFFICE DocumentServer versions 4.0.3 through 7.3.2. The vulnerability, tracked as CVE-2023-30187, allows remote attackers to execute arbitrary code via a crafted JavaScript file. The issue was disclosed and patched in early 2023 (NVD).

The vulnerability exists in the Docbuilder component which uses a v8 engine to execute JavaScript code inside the process. The issue specifically occurs in the SaveReAlloc function where no validation is performed on pos and len parameters. When a user creates a new v8::ArrayBuffer with a specific size and then executes SaveReAlloc with mismatched buffer sizes, it leads to an out-of-bounds memory access condition. The vulnerability received a CVSS v3.1 Base Score of 9.8 (CRITICAL) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (NVD, GitHub Analysis).

The vulnerability allows attackers to perform out-of-bounds memory access, which can lead to arbitrary code execution on the affected system. This could potentially allow attackers to take complete control of the system running the vulnerable ONLYOFFICE DocumentServer instance (NVD).

The vulnerability has been patched in a security update. The fix involves removing the vulnerable functionality from the SaveAllocNative and SaveReAllocNative methods. Users should upgrade to a patched version of ONLYOFFICE DocumentServer. The patch can be found in the official repository (Core Patch).