CVE-2023-2226

LOW

Rapid7 Velociraptor < 0.6.8 - Denial of Service via Malformed PE or OLE File Parsing

Title source: llm

Description

Due to insufficient validation in the PE and OLE parsers in Rapid7's Velociraptor versions earlier than 0.6.8 allows attacker to crash Velociraptor during parsing of maliciously malformed files. For this attack to succeed, the attacker needs to be able to introduce malicious files to the system at the same time that Velociraptor attempts to collect any artifacts that attempt to parse PE files, Authenticode signatures, or OLE files. After crashing, the Velociraptor service will restart and it will still be possible to collect other artifacts.

References (1)

Core 1

Core References

Product

https://github.com/Velocidex/velociraptor

Scores

CVSS v3 3.3

EPSS 0.0038

EPSS Percentile 30.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-125

Status published

Products (1)

rapid7/velociraptor < 0.6.8

Published Apr 21, 2023

Tracked Since Feb 18, 2026