Vulnerability DatabaseCVE-2023-50628

CVE-2023-50628:
Homebrew vulnerability analysis and mitigation

Overview

Buffer Overflow vulnerability in libming version 0.4.8, discovered in December 2023, allows attackers to execute arbitrary code and obtain sensitive information via the parser.c component. The vulnerability was assigned identifier CVE-2023-50628 and received a CVSS v3.1 base score of 9.8 (CRITICAL) (NVD).

Technical details

The vulnerability exists in the parser.c component of libming 0.4.8. It is classified as a Buffer Copy without Checking Size of Input (Classic Buffer Overflow) vulnerability under CWE-120. The issue received a critical CVSS v3.1 score of 9.8, with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and no required privileges or user interaction (NVD).

Impact

The vulnerability allows attackers to execute arbitrary code and obtain sensitive information from affected systems. Given the critical CVSS score and vector details, successful exploitation could lead to complete compromise of the affected system, with high impacts on confidentiality, integrity, and availability (NVD).

Mitigation and workarounds

A fix for this vulnerability has been developed and is available through a patch. Users are advised to apply the security update as documented in the pull request (GitHub PR).

Additional resources

Source: This report was generated using AI

Related Homebrew vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-22861	HIGH	8.8	Homebrew	iccdev	No	Yes	Jan 13, 2026
CVE-2026-22776	HIGH	8.7	Homebrew	cpp-httplib	No	Yes	Jan 12, 2026
CVE-2026-22783	HIGH	8.1	NixOS	iris	No	Yes	Jan 12, 2026
CVE-2026-21283	HIGH	7.8	Adobe Bridge	bridge	No	Yes	Jan 13, 2026
CVE-2026-22784	LOW	2.3	NixOS	lychee	No	Yes	Jan 12, 2026