CVE-2023-52389

UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:pocoproject:poco:*:*:*:*:*:*:*:*
cpe:2.3:a:pocoproject:poco:*:*:*:*:*:*:*:*
cpe:2.3:a:pocoproject:poco:1.11.8:-:*:*:*:*:*:*
cpe:2.3:a:pocoproject:poco:1.11.8:p1:*:*:*:*:*:*
cpe:2.3:a:pocoproject:poco:1.12.5:-:*:*:*:*:*:*

History

21 Nov 2024, 08:39

Type Values Removed Values Added
References () https://github.com/pocoproject/poco/compare/poco-1.12.5p2-release...poco-1.13.0-release - Patch () https://github.com/pocoproject/poco/compare/poco-1.12.5p2-release...poco-1.13.0-release - Patch
References () https://github.com/pocoproject/poco/issues/4320 - Patch () https://github.com/pocoproject/poco/issues/4320 - Patch
References () https://pocoproject.org/blog/?p=1226 - Release Notes () https://pocoproject.org/blog/?p=1226 - Release Notes

08 Feb 2024, 16:43

Type Values Removed Values Added
CWE CWE-190
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:pocoproject:poco:1.11.8:p1:*:*:*:*:*:*
cpe:2.3:a:pocoproject:poco:*:*:*:*:*:*:*:*
cpe:2.3:a:pocoproject:poco:1.11.8:-:*:*:*:*:*:*
cpe:2.3:a:pocoproject:poco:1.12.5:-:*:*:*:*:*:*
References () https://github.com/pocoproject/poco/compare/poco-1.12.5p2-release...poco-1.13.0-release - () https://github.com/pocoproject/poco/compare/poco-1.12.5p2-release...poco-1.13.0-release - Patch
References () https://github.com/pocoproject/poco/issues/4320 - () https://github.com/pocoproject/poco/issues/4320 - Patch
References () https://pocoproject.org/blog/?p=1226 - () https://pocoproject.org/blog/?p=1226 - Release Notes
First Time Pocoproject
Pocoproject poco

27 Jan 2024, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-27 03:15

Updated : 2024-11-21 08:39


NVD link : CVE-2023-52389

Mitre link : CVE-2023-52389

CVE.ORG link : CVE-2023-52389


JSON object : View

Products Affected

pocoproject

  • poco
CWE
CWE-190

Integer Overflow or Wraparound