CVE-2023-35703
Description
Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the fstReaderVarint64 function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
GTKWave 3.3.115 has multiple stack buffer overflows in FST LEB128 varint parsing; opening a crafted .fst file triggers arbitrary code execution.
Vulnerability
Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint decoding functionality of GTKWave version 3.3.115 [1]. The flaw resides in the fstReaderVarint64 function called during parsing of .fst trace files via fstReaderOpen. A specially crafted .fst file can cause a stack buffer overflow when processing malformed LEB128-encoded integers [1]. No special configuration is required beyond opening a malicious file.
Exploitation
An attacker must craft a malicious .fst file containing oversized LEB128 varint fields that overflow fixed-size stack buffers [1]. The victim must open the file, either through the GTKWave GUI (e.g., double-clicking via registered mime type) or by using a command-line tool [1]. No authentication or prior access is needed; user interaction is limited to opening the file [1].
Impact
Successful exploitation leads to arbitrary code execution in the context of the victim user [1]. The attacker gains full control of the affected system (compromise of confidentiality, integrity, and availability) [1]. The CVSS v3.1 score is 7.8 (High) with vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [1].
Mitigation
As of the advisory date (2024-01-08), no patched version of GTKWave has been released [1]. Users should avoid opening untrusted .fst files from unknown sources until an update is available. The vendor has been notified and is working on a fix [1].
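As an added illustration (not GTKWave's code and not taken from the advisory), here is a bounds-checked unsigned LEB128 decoder in C that rejects the oversized or truncated varints described above instead of copying them into a fixed-size buffer. The function name, status codes and sample bytes are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Longest unsigned LEB128 encoding of a 64-bit value: ceil(64 / 7) bytes. */
#define LEB128_U64_MAX_BYTES 10
enum { LEB_OK = 0, LEB_TRUNCATED = -1, LEB_TOO_LONG = -2, LEB_OVERFLOW = -3 };

/* Constructed sample inputs (not taken from any real .fst file). */
static const uint8_t SAMPLE_OK[]    = {0xe5, 0x8e, 0x26};   /* encodes 624485 */
static const uint8_t SAMPLE_TRUNC[] = {0x80, 0x80};         /* ends mid-varint */
static const uint8_t SAMPLE_LONG[]  = {0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
                                       0x80, 0x80, 0x80, 0x80, 0x80, 0x01};
static const uint8_t SAMPLE_WIDE[]  = {0xff, 0xff, 0xff, 0xff, 0xff,
                                       0xff, 0xff, 0xff, 0xff, 0x02};

/* Hypothetical helper, not GTKWave's fstReaderVarint64. It decodes in place
 * from buf[0..len), so there is no fixed-size scratch buffer to overrun. */
static int leb128_decode_u64(const uint8_t *buf, size_t len,
                             uint64_t *out, size_t *used)
{
    uint64_t value = 0;
    for (size_t i = 0; i < len; i++) {
        uint8_t byte = buf[i];
        uint64_t chunk = byte & 0x7f;
        if (i == LEB128_U64_MAX_BYTES - 1) {
            if (byte & 0x80) return LEB_TOO_LONG;  /* an 11th byte would follow */
            if (chunk > 1)   return LEB_OVERFLOW;  /* only bit 63 fits here */
        }
        value |= chunk << (7 * i);
        if (!(byte & 0x80)) {                      /* final byte of the varint */
            *out = value;
            *used = i + 1;
            return LEB_OK;
        }
    }
    return LEB_TRUNCATED;                          /* input ended mid-varint */
}

int main(void)
{
    uint64_t v = 0; size_t n = 0;
    int rc = leb128_decode_u64(SAMPLE_OK, sizeof SAMPLE_OK, &v, &n);
    printf("ok:        rc=%d value=%llu used=%zu\n", rc, (unsigned long long)v, n);
    printf("truncated: rc=%d\n", leb128_decode_u64(SAMPLE_TRUNC, sizeof SAMPLE_TRUNC, &v, &n));
    printf("too long:  rc=%d\n", leb128_decode_u64(SAMPLE_LONG, sizeof SAMPLE_LONG, &v, &n));
    printf("overflow:  rc=%d\n", leb128_decode_u64(SAMPLE_WIDE, sizeof SAMPLE_WIDE, &v, &n));
    return 0;
}
```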
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- GTKWave/GTKWave v5, Range: 3.3.115
Patches (0)
No patches discovered yet.
References (2)
News mentions (0)
No linked articles in our index yet.