Headline
CVE-2023-40307: Privileges Memory Corruption (Out-of-bound write)
An attacker with standard privileges on macOS when requesting administrator privileges from the application can submit input which causes a buffer overflow resulting in a crash of the application. This could make the application unavailable and allow reading or modification of data.
Moderate
rtrouton published GHSA-rgq4-wxpj-5jv9
Sep 11, 2023
Package
Privileges (macOS)
Affected versions
< 1.5.4
Patched versions
1.5.4
Description
Impact
An attacker with standard privileges on macOS when requesting administrator privileges from the application can submit input which causes a buffer overflow resulting in a crash of the application. This could make the application unavailable and allow reading or modification of data.
Patches
The issue has been fixed in Privileges 1.5.4.
Workarounds
None. Please update to Privileges 1.5.4 or later.
References
https://github.com/SAP/macOS-enterprise-privileges/releases/tag/1.5.4
Acknowledgements
- Name: Jack Tabash
- Company Name: PricewaterhouseCoopers LLP
- Company site: https://www.pwc.co.uk/cyber
Severity
Moderate
6.3
/ 10
CVSS base metrics
Attack vector
Local
Attack complexity
Low
Privileges required
Low
User interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
CVE ID
CVE-2023-40307
Weaknesses
No CWEs