Vulnerability Description
cgi.c in weborf 0.17, 0.18, 0.19, and 0.20 (before 1.0) lacks '\0' termination of the path for CGI scripts because strncpy is misused.
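The bug class named in the description, as an added example (this is not weborf's code and is not taken from the referenced commits): strncpy writes no '\0' when the source is at least as long as the bound, so the buffer is left unterminated. PATH_BUF, the function names and the sample paths are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF 16 /* deliberately small; constructed for this demo */

/* Returns 1 if buf holds a '\0' within its first size bytes. */
static int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* Misuse: the bound equals the buffer size, so a source of PATH_BUF
 * bytes or more fills the buffer and no terminator is written.
 * Returns 1 when the buffer ends up unterminated. */
int unterminated_after_strncpy(const char *src)
{
    char buf[PATH_BUF];
    memset(buf, 'X', sizeof buf);  /* simulate stale, non-zero memory */
    strncpy(buf, src, sizeof buf); /* may leave buf without '\0' */
    return !is_terminated(buf, sizeof buf);
}

/* Hardened copy: reject a path that does not fit, always terminate. */
static int copy_path_checked(char *dst, size_t size, const char *src)
{
    size_t len = strlen(src);
    if (size == 0)
        return -1;
    if (len >= size) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1); /* copies the terminator too */
    return 0;
}

/* Returns 0 on success, -1 if rejected, -2 if left unterminated. */
int checked_copy_status(const char *src)
{
    char buf[PATH_BUF];
    memset(buf, 'X', sizeof buf);
    int rc = copy_path_checked(buf, sizeof buf, src);
    return is_terminated(buf, sizeof buf) ? rc : -2;
}

int main(void)
{
    const char *too_long = "/cgi-bin/abc.cgi"; /* exactly PATH_BUF bytes */
    printf("strncpy unterminated: %d\n", unterminated_after_strncpy(too_long));
    printf("checked copy status:  %d\n", checked_copy_status(too_long));
    return 0;
}
```

Rejecting the over-long path, rather than silently truncating it, also avoids resolving a different file than the one requested.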
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://github.com/ltworf/weborf/commit/49824204add55aab0568d90a6b1e7c822d32120d
- https://github.com/ltworf/weborf/commit/6f83c3e9ceed8b0d93608fd5d42b53c081057991
- https://github.com/ltworf/weborf/pull/88
- https://github.com/ltworf/weborf/pull/88/commits/7057d254b734dfc9cfb58983f901aa6
FAQ
What is CVE-2023-46586?
CVE-2023-46586 is a vulnerability with a CVSS score of 9.1 (CRITICAL). cgi.c in weborf 0.17, 0.18, 0.19, and 0.20 (before 1.0) lacks '\0' termination of the path for CGI scripts because strncpy is misused.
How severe is CVE-2023-46586?
CVE-2023-46586 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-46586?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.