CVE-2023-35992
Description
An integer overflow vulnerability exists in the FST fstReaderIterBlocks2 vesc allocation functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer overflow in GTKWave 3.3.115 (32-bit) fstReaderIterBlocks2 vesc allocation allows memory corruption via crafted .fst file.
Vulnerability
An integer overflow vulnerability exists in the fstReaderIterBlocks2 vesc allocation functionality of GTKWave 3.3.115 when compiled as a 32-bit binary [1]. The bug is triggered while parsing a specially crafted .fst file. The code path is reachable when a victim opens a malicious .fst file, for example by double-clicking a wave file received by email, because GTKWave registers MIME types for its supported extensions [1].
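Why the 32-bit qualifier matters, shown as an added example (not GTKWave's code and not taken from the advisory): `uint32_t` emulates a 32-bit `size_t` so the wraparound is visible on any host. The 4-byte entry size, the function names, the sample count and the `max_entries` cap are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: 4-byte entries; the real per-entry size is not given on this page. */
#define ELEM_SIZE 4u

/* Allocation size as a 32-bit build computes it: the product wraps modulo 2^32. */
static uint32_t bytes_unchecked32(uint32_t count) { return count * ELEM_SIZE; }

/* The same product with a 64-bit size_t: no wrap for any 32-bit count. */
static uint64_t bytes_64(uint32_t count) { return (uint64_t)count * ELEM_SIZE; }

/* Checked multiply: 0 on success, -1 if the byte count cannot fit in 32 bits. */
static int bytes_checked32(uint32_t count, uint32_t *out) {
    if (count > UINT32_MAX / ELEM_SIZE) return -1;
    *out = count * ELEM_SIZE;
    return 0;
}

/* Hardened allocation: reject overflowing counts and counts above a
 * caller-chosen cap (max_entries is a hypothetical policy limit). */
static void *alloc_entries(uint32_t count, uint32_t max_entries) {
    uint32_t nbytes;
    if (count == 0 || count > max_entries) return NULL;
    if (bytes_checked32(count, &nbytes) != 0) return NULL;
    return malloc(nbytes);
}

int main(void) {
    uint32_t count = 0x40000001u; /* constructed value, as if read from an untrusted file */
    uint32_t nbytes;
    printf("32-bit size: %u bytes for %u entries\n",
           (unsigned)bytes_unchecked32(count), (unsigned)count);
    printf("64-bit size: %llu bytes\n", (unsigned long long)bytes_64(count));
    printf("checked multiply: %s\n",
           bytes_checked32(count, &nbytes) == 0 ? "ok" : "rejected (overflow)");
    return 0;
}
```

With the unchecked 32-bit arithmetic the buffer is far smaller than the entry count implies, which is the condition that turns later writes into memory corruption; the checked path refuses the count before any allocation happens.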
Exploitation
An attacker needs to craft a malicious .fst file that triggers an integer overflow during the vesc allocation in fstReaderIterBlocks2. The attacker requires no authentication, but the victim must open the file using GTKWave (e.g., via the GUI or command line) [1]. The attack vector is local and requires user interaction (the victim opening the file) [1]. In practice, the attacker sends or otherwise provides the malicious file and the victim opens it with GTKWave [1].
Impact
Successful exploitation leads to memory corruption [1]. The CVSSv3 score is 7.0 (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) [1], indicating high impact on confidentiality, integrity, and availability. An attacker could potentially achieve arbitrary code execution, data disclosure, or file corruption depending on the memory corruption specifics [1].
Mitigation
The vulnerability is confirmed in GTKWave 3.3.115 [1]. As of the publication date (2024-01-08), no fixed version has been released [1]. Users are advised to avoid opening untrusted .fst files with GTKWave and to consider using other tools or versions until a patch is available [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- GTKWave/GTKWave v5, Range: 3.3.115
Patches (0)
No patches discovered yet.
References (2)
News mentions (0)
No linked articles in our index yet.