CVE-2023-39413

Vulnerability

An integer underflow vulnerability exists in the lxt2_rd_iter_radix shift operation functionality of GTKWave version 3.3.115 [1]. The flaw resides in the LXT2 file parsing code within lxt2_read.c and can be triggered when a victim opens a specially crafted .lxt2 file [1]. The underflow occurs during a left shift operation, leading to memory corruption [1]. The vulnerable code is reachable via the GUI, the lxt2vcd conversion utility, rtlbrowse, and lxt2miner [1].

Exploitation

To exploit this vulnerability, an attacker must craft a malicious .lxt2 file that triggers the integer underflow during parsing [1]. The attacker then needs to convince a victim to open the file using GTKWave, either by double-clicking (as GTKWave registers mime types for its extensions) or through other social engineering [1]. No special privileges or network position is required beyond local file access [1]. User interaction is required as the victim must open the file [1].

Impact

Successful exploitation results in memory corruption [1]. Based on the CVSSv3 vector (AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H), the vulnerability can lead to a complete compromise of confidentiality, integrity, and availability (CIA) of the affected system, potentially allowing arbitrary code execution at the privilege level of the victim user [1].

Mitigation

As of the publication date (2024-01-08), no fixed version of GTKWave has been released [1]. Users are advised to exercise caution when opening .lxt2 files from untrusted sources and to monitor the GTKWave project for updates [1]. No workaround is explicitly provided in the available references [1].