CVE-2023-35997
Description
Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the tdelta indexing when signal_lens is 2 or more.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Multiple improper array index validation flaws in GTKWave 3.3.115 fstReaderIterBlocks2 tdelta allow RCE via malicious .fst file.
Vulnerability
CVE-2023-35997 describes multiple improper array index validation vulnerabilities in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. The issue occurs in the handling of .fst trace files when the signal length (signal_lens) is 2 or more. The vulnerability stems from a lack of proper bounds checking on array indices during tdelta index operations, allowing an attacker to write out of bounds. This can be triggered by a victim opening a specially crafted .fst file [1].
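The bug class described above, an index decoded from the file and used without a range check, shown as an added C example beside its hardened form. This is not GTKWave's code: the `block` structure, the function names and the `value >> 1` index encoding are assumptions made for illustration, and the example generalizes the pattern rather than reproducing fstReaderIterBlocks2.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical per-block table: one slot per time step in the block. */
struct block {
    uint32_t *head;   /* head[t] = offset of the latest record at step t */
    size_t    nsteps; /* number of valid entries in head[] */
};

/* Decode a little-endian base-128 varint from buf.
   Returns bytes consumed, or 0 if the input is truncated or over-long. */
size_t read_varint(const uint8_t *buf, size_t len, uint32_t *out)
{
    uint32_t v = 0;
    for (size_t i = 0; i < len && i < 5; i++) {
        v |= (uint32_t)(buf[i] & 0x7f) << (7 * i);
        if (!(buf[i] & 0x80)) { *out = v; return i + 1; }
    }
    return 0;
}

/* Unchecked pattern: the index comes straight from the file. */
int record_unchecked(struct block *b, const uint8_t *buf, size_t len,
                     uint32_t off)
{
    uint32_t v;
    if (!read_varint(buf, len, &v)) return -1;
    b->head[v >> 1] = off;  /* out-of-bounds write when (v >> 1) >= nsteps */
    return 0;
}

/* Hardened pattern: validate the decoded index before every use and
   reject the file on the first value that falls outside the table. */
int record_checked(struct block *b, const uint8_t *buf, size_t len,
                   uint32_t off)
{
    uint32_t v;
    if (!read_varint(buf, len, &v)) return -1;
    uint32_t tdelta = v >> 1;             /* assumed encoding */
    if (tdelta >= b->nsteps) return -1;   /* index outside head[] */
    b->head[tdelta] = off;
    return 0;
}
```

The check has to run on the decoded value at the point of indexing; validating only the file header or block length does not constrain indices carried inside individual records.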
Exploitation
An attacker can exploit this vulnerability by crafting a malicious .fst file with manipulated tdelta indices. The victim must open this file using GTKWave 3.3.115, either via the GUI (e.g., double-clicking on the file) or through command-line tools like fst2vcd. No authentication or special privileges are required; the attack is local and user interaction is limited to opening the file. The manipulation of array indices during processing leads to out-of-bounds memory access [1].
Impact
Successful exploitation allows an attacker to achieve arbitrary code execution on the victim's system. The vulnerability has a CVSSv3 score of 7.8, indicating high impact on confidentiality, integrity, and availability. The attacker gains the ability to execute code in the context of the GTKWave process, potentially leading to full system compromise [1].
Mitigation
As of the publication date (2024-01-08), the vendor has not yet released a patched version for GTKWave 3.3.115. The vulnerability is confirmed in version 3.3.115. Users should exercise caution when opening untrusted .fst files and consider using alternative tools or sandboxing environments until a fix is available. No workaround or mitigation details are provided in the available reference [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- GTKWave/GTKWave v5 Range: 3.3.115
Patches
No patches discovered yet.