CVE-2023-36746

Vulnerability

A heap-based buffer overflow vulnerability exists in the fstReaderIterBlocks2 fstWritex len functionality of GTKWave version 3.3.115. The flaw occurs when parsing the time table of a specially crafted .fst file. The fstReaderOpen function processes the file, and improper bounds checking on the len parameter leads to memory corruption. [1]

Exploitation

An attacker can exploit this vulnerability by convincing a victim to open a malicious .fst file, for example via email attachment or file sharing. No authentication is required, and the victim only needs to double-click or open the file in GTKWave. The crafted file triggers the overflow when the fstWritex function processes the manipulated len value. [1]

Impact

Successful exploitation results in heap memory corruption, which can lead to arbitrary code execution or denial of service in the context of the GTKWave application. The CVSSv3 score is 7.0 (High) with high impact on confidentiality, integrity, and availability. [1]

Mitigation

As of the publication date, no patched version of GTKWave has been released. Users should avoid opening untrusted .fst files from unknown sources. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. [1]