CVE-2023-35970
Description
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table parsing functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the chain_table of the FST_BL_VCDATA_DYN_ALIAS2 section type.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Multiple heap-based buffer overflows in GTKWave 3.3.115's fstReaderIterBlocks2 function allow arbitrary code execution via a crafted .fst file.
Vulnerability
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 function of GTKWave 3.3.115 when parsing the chain_table of the FST_BL_VCDATA_DYN_ALIAS2 section type in a .fst file. These flaws are classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer). A specially crafted .fst file can trigger the overflow, leading to arbitrary code execution. The confirmed vulnerable version is GTKWave 3.3.115 [1].
Exploitation
An attacker can exploit these vulnerabilities by crafting a malicious .fst file and convincing a victim to open it. The victim may open the file using the GTKWave GUI (e.g., by double-clicking the file or via email attachment, as GTKWave registers mime types for supported extensions) or via command-line tools [1]. No authentication or special privileges are required; only user interaction (opening the file) is necessary [1].
Impact
Successful exploitation allows an attacker to achieve arbitrary code execution with the privileges of the victim. This could lead to full compromise of the system's confidentiality, integrity, and availability (CVSSv3 score 7.8, High) [1].
Mitigation
As of the publication date (2024-01-08), no patch or fixed version has been released. GTKWave 3.3.115 was confirmed to be vulnerable. Users should avoid opening .fst files from untrusted sources and consider using alternative tools or up-to-date versions if a patch becomes available [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- GTKWave/GTKWave v5, Range: 3.3.115
Patches
No patches discovered yet.