CVE-2023-39346
HIGH
Renjikai Linuxasmcallgraph < 2022-02-08 - Unrestricted File Upload
Title source: rule
Description
LinuxASMCallGraph is software for drawing the call graph of program code. LinuxASMCallGraph before commit 20dba06bd1a3cf260612d4f21547c25002121cd5 allows attackers to achieve remote code execution on the server by uploading a crafted ZIP file, due to incorrect filtering rules for uploaded files. The problem has been patched in commit 20dba06bd1a3cf260612d4f21547c25002121cd5. There are no known workarounds.
References (4)
Core References
Vendor Advisory x_refsource_confirm
https://github.com/bjrjk/LinuxASMCallGraph/security/advisories/GHSA-63c3-r9qm-c2wx
Issue Tracking x_refsource_misc
https://github.com/bjrjk/LinuxASMCallGraph/issues/6
Issue Tracking x_refsource_misc
https://github.com/bjrjk/LinuxASMCallGraph/issues/8
Scores
CVSS v3: 8.8
EPSS: 0.0271
EPSS Percentile: 86.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-434
Status: published
Products (1)
renjikai/linuxasmcallgraph < 2022-02-08
Published: Aug 04, 2023
Tracked Since: Feb 18, 2026