CVE-2023-3425: Out-of-Bounds memory read in M-Files Server
DESCRIPTION:
Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3 allows unauthenticated user to read restricted amount of bytes from memory.
AFFECTED PRODUCTS:
M-Files Server before 23.8.12892.6
M-Files Server before 23.2 LTS SR3
MORE INFORMATION:
Incorrect check on memory buffer size allows reading small amount of memory. Vulnerability does not require authentication.
CVSS 3.1 Base Score: 6.5
CVSS 3.1 Temporal Score: 5.4
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:R
CWE: CWE-125: Out-of-bounds Read
CAPEC: CAPEC-540: Overread Buffers
Internal ID: 166444
Date issued: 2023-06-27
EXPLOITABILITY:
Publicly disclosed: No
Exploited: No
Probability of exploitation: low – internally found
LINKS:
https://www.cve.org/CVERecord?id=CVE-2023-3425
HISTORY
2023-08-25 Published