UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:39
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/pocoproject/poco/compare/poco-1.12.5p2-release...poco-1.13.0-release - Patch | |
References | () https://github.com/pocoproject/poco/issues/4320 - Patch | |
References | () https://pocoproject.org/blog/?p=1226 - Release Notes |
08 Feb 2024, 16:43
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-190 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:pocoproject:poco:1.11.8:p1:*:*:*:*:*:* cpe:2.3:a:pocoproject:poco:*:*:*:*:*:*:*:* cpe:2.3:a:pocoproject:poco:1.11.8:-:*:*:*:*:*:* cpe:2.3:a:pocoproject:poco:1.12.5:-:*:*:*:*:*:* |
|
References | () https://github.com/pocoproject/poco/compare/poco-1.12.5p2-release...poco-1.13.0-release - Patch | |
References | () https://github.com/pocoproject/poco/issues/4320 - Patch | |
References | () https://pocoproject.org/blog/?p=1226 - Release Notes | |
First Time |
Pocoproject
Pocoproject poco |
27 Jan 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-27 03:15
Updated : 2024-11-21 08:39
NVD link : CVE-2023-52389
Mitre link : CVE-2023-52389
CVE.ORG link : CVE-2023-52389
JSON object : View
Products Affected
pocoproject
- poco
CWE
CWE-190
Integer Overflow or Wraparound