Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2023-36271
CVE-2023-36271:
NixOS vulnerability analysis and mitigation
Overview
LibreDWG versions v0.10 to v0.12.5 were discovered to contain a heap buffer overflow vulnerability in the function bit_wcs2nlen at bits.c. The vulnerability was disclosed on June 23, 2023, and received a CVSS v3.1 base score of 8.8 (HIGH) (NVD).
Technical details
The vulnerability is a heap-based buffer overflow that occurs in the bit_wcs2nlen function within the bits.c file. The issue manifests when reading input, where the function performs a read operation of size 2 at an address outside the allocated buffer region. This vulnerability was discovered during fuzz testing and can be triggered through specially crafted DWG files (GitHub Issue).
Impact
The heap buffer overflow vulnerability could potentially lead to arbitrary code execution or program crashes. Given its high CVSS score of 8.8, the vulnerability is considered severe and could allow remote attackers to execute code or cause denial of service conditions (NVD).
Mitigation and workarounds
Users should upgrade to a version newer than v0.12.5 which contains the fix for this vulnerability. The issue has been addressed in subsequent releases (NVD).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management