CVE-2023-23082

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-23082
A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument.

4.6 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/xbmc/xbmc/commit/8c2aafb6d4987833803e037c923aaf83f9ff41e1 Patch Third Party Advisory
https://github.com/xbmc/xbmc/issues/22377 Exploit Issue Tracking Patch Third Party Advisory
https://github.com/xbmc/xbmc/pull/22380 Patch Third Party Advisory
https://github.com/xbmc/xbmc/pull/22380/commits/00fec1dbdd1df827872c7b55ad93059636dfc076
https://github.com/xbmc/xbmc/pull/22380/commits/7e5f9fbf9aaa3540aab35e7504036855b23dcf60
https://lists.debian.org/debian-lts-announce/2024/01/msg00009.html
Configurations

Configuration 1 (hide)

cpe:2.3:a:kodi:kodi:*:*:*:*:*:*:*:*
History

23 Jan 2024, 07:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/01/msg00009.html -

06 Nov 2023, 21:15

Type Values Removed Values Added
References
  • {'url': 'https://github.com/fritsch/xbmc/commit/54df944584fc9fecd4cd5d69c2289f0934de305b', 'name': 'https://github.com/fritsch/xbmc/commit/54df944584fc9fecd4cd5d69c2289f0934de305b', 'tags': ['Patch', 'Third Party Advisory'], 'refsource': 'MISC'}
  • {'url': 'https://github.com/fritsch/xbmc/commit/367cc80d66b0310b460f587fea44274b442951f1', 'name': 'https://github.com/fritsch/xbmc/commit/367cc80d66b0310b460f587fea44274b442951f1', 'tags': ['Patch', 'Third Party Advisory'], 'refsource': 'MISC'}
  • (MISC) https://github.com/xbmc/xbmc/pull/22380/commits/00fec1dbdd1df827872c7b55ad93059636dfc076 -
  • (MISC) https://github.com/xbmc/xbmc/pull/22380/commits/7e5f9fbf9aaa3540aab35e7504036855b23dcf60 -

12 Feb 2023, 04:53

Type Values Removed Values Added
References (MISC) https://github.com/xbmc/xbmc/issues/22377 - (MISC) https://github.com/xbmc/xbmc/issues/22377 - Exploit, Issue Tracking, Patch, Third Party Advisory
References (MISC) https://github.com/fritsch/xbmc/commit/54df944584fc9fecd4cd5d69c2289f0934de305b - (MISC) https://github.com/fritsch/xbmc/commit/54df944584fc9fecd4cd5d69c2289f0934de305b - Patch, Third Party Advisory
References (MISC) https://github.com/xbmc/xbmc/commit/8c2aafb6d4987833803e037c923aaf83f9ff41e1 - (MISC) https://github.com/xbmc/xbmc/commit/8c2aafb6d4987833803e037c923aaf83f9ff41e1 - Patch, Third Party Advisory
References (MISC) https://github.com/fritsch/xbmc/commit/367cc80d66b0310b460f587fea44274b442951f1 - (MISC) https://github.com/fritsch/xbmc/commit/367cc80d66b0310b460f587fea44274b442951f1 - Patch, Third Party Advisory
References (MISC) https://github.com/xbmc/xbmc/pull/22380 - (MISC) https://github.com/xbmc/xbmc/pull/22380 - Patch, Third Party Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.6
CWE CWE-787
CPE cpe:2.3:a:kodi:kodi:*:*:*:*:*:*:*:*
First Time Kodi
Kodi kodi

03 Feb 2023, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-02-03 22:15

Updated : 2024-01-23 07:15

NVD link : CVE-2023-23082

Mitre link : CVE-2023-23082

CVE.ORG link : CVE-2023-23082

JSON object : View

Products Affected

kodi

  • kodi
CWE
CWE-787

Out-of-bounds Write