CVE-2023-40222

Summary

In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build (1204.200), the affected application lacks proper validation of user-supplied data when parsing CO files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.

Affected Software

VendorProductVersion RangeStatus
Ashlar-VellumCobalt0 < v12 SP2 Build (1204.200)affected
Ashlar-VellumCobalt Share0 < v12 SP2 Build (1204.200)affected
Ashlar-VellumXenon0 < v12 SP2 Build (1204.200)affected
Ashlar-VellumArgon0 < v12 SP2 Build (1204.200)affected
Ashlar-VellumLithium0 < v12 SP2 Build (1204.200)affected

Weaknesses

  • CWE-122: CWE-122 Heap-based Buffer Overflow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References