CVE-2023-40294

MEDIUM

0branch boron 2.0.8 - Heap-Based Buffer Overflow in ur_parseBlockI

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-40294. PoCs published by Halcy0nic.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2023-40294, a heap buffer overflow in libboron (version 2.0.8) at `ur_parseBlockI` in `i_parse_blk.c`. It includes ASAN output confirming the overflow and reproduction steps but lacks direct exploit code.

Description

libboron in Boron 2.0.8 has a heap-based buffer overflow in ur_parseBlockI at i_parse_blk.c.

Exploits (1)

nomisec WRITEUP 2 stars

by Halcy0nic · poc

https://github.com/Halcy0nic/CVE-2023-40294-and-CVE-2023-40295

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2023-40294, a heap buffer overflow in libboron (version 2.0.8) at `ur_parseBlockI` in `i_parse_blk.c`. It includes ASAN output confirming the overflow and reproduction steps but lacks direct exploit code.

Classification

Writeup 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: libboron (libboron.so.2 version 2.0.8)

No auth needed

Prerequisites: Access to a system with libboron installed · Malformed input file to trigger the overflow

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Vendor Advisory

https://github.com/0branch/boron/issues/3

Scores

CVSS v3 6.5

EPSS 0.0065

EPSS Percentile 46.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-787

Status published

Products (1)

0branch/boron 2.0.8

Published Aug 14, 2023

Tracked Since Feb 18, 2026