
CVE-2023-40307: Privileges Memory Corruption (Out-of-bound write)


Moderate

rtrouton published GHSA-rgq4-wxpj-5jv9 on Sep 11, 2023

  • Package: Privileges (macOS)
  • Affected versions: < 1.5.4
  • Patched versions: 1.5.4

Description

Impact

An attacker with standard privileges on macOS can, when requesting administrator privileges from the application, submit input that causes a buffer overflow and crashes the application. This could make the application unavailable and allow reading or modification of data.

Patches

The issue has been fixed in Privileges 1.5.4.

Workarounds

None. Please update to Privileges 1.5.4 or later.

References

https://github.com/SAP/macOS-enterprise-privileges/releases/tag/1.5.4

Acknowledgements

  • Name: Jack Tabash
  • Company Name: PricewaterhouseCoopers LLP
  • Company site: https://www.pwc.co.uk/cyber

Severity

Moderate (6.3 / 10)

CVSS base metrics

  • Attack vector: Local
  • Attack complexity: Low
  • Privileges required: Low
  • User interaction: None
  • Scope: Changed
  • Confidentiality: Low
  • Integrity: Low
  • Availability: Low

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

CVE ID

CVE-2023-40307

Weaknesses

No CWEs
