How severe is CVE-2023-34288?

This vulnerability has a severity rating of HIGH with a CVSS score of 7 out of 10.

What type of vulnerability is CVE-2023-34288?

This is classified as CWE-824, which is a common weakness in software security.

CVE-2023-34288 - HIGH Severity | CVSS 7

Vulnerability Description

Ashlar-Vellum Cobalt XE File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XE files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-17966.

Related Vulnerabilities

CVE-2021-33542

HIGH

CVSS:7.0(High)

Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. Manipulated PC Worx or Config+ projects could lead to a remote co...

CWE-8242021

CVE-2018-19018

HIGH

CVSS:7.3(High)

An access of uninitialized pointer vulnerability in CX-Supervisor (Versions 3.42 and prior) could lead to type confusion when processing project files. An attacker could use a specially crafted projec...

CWE-8242018

CVE-2022-1809

HIGH

CVSS:7.4(High)

Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0.

CWE-8242022

CVE-2016-10447

HIGH

CVSS:7.5(High)

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 61...

CWE-8242016

CVE-2018-1000099

HIGH

CVSS:7.5(High)

Teluu PJSIP version 2.7.1 and earlier contains a Access of Null/Uninitialized Pointer vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a ...

CWE-8242018

CVE-2018-11803

HIGH

CVSS:7.5(High)

Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory lis...

CWE-8242018