CVE-2023-38128

An out-of-bounds write vulnerability exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause a type confusion, which can lead to memory corruption and eventually arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:justsystems:easy_postcard_max:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_2021:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_2022:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_2023:1.0.1.59372:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_government_10:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_government_9:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_pro_3:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_pro_4:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_pro_5:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_3:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_4:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_5:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_3:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_4:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_5:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_police_3:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_police_4:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_police_5:-:*:*:*:*:*:*:*

History

25 Oct 2023, 14:05

Type Values Removed Values Added
CWE CWE-787
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
CPE cpe:2.3:a:justsystems:ichitaro_2022:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_police_5:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_police_3:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_4:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_government_9:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:easy_postcard_max:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_pro_3:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_2023:1.0.1.59372:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_3:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_5:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_pro_4:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_2021:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_government_10:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_4:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_3:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_pro_5:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_5:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_police_4:-:*:*:*:*:*:*:*
References (MISC) https://jvn.jp/en/jp/JVN28846531/index.html - (MISC) https://jvn.jp/en/jp/JVN28846531/index.html - Third Party Advisory
References (MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2023-1809 - (MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2023-1809 - Exploit, Third Party Advisory
References (MISC) https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1809 - (MISC) https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1809 - Exploit, Third Party Advisory
First Time Justsystems ichitaro Government 9
Justsystems
Justsystems ichitaro 2022
Justsystems just Government 4
Justsystems ichitaro 2021
Justsystems easy Postcard Max
Justsystems just Government 3
Justsystems just Government 5
Justsystems just Office 4
Justsystems ichitaro Pro 4
Justsystems ichitaro Pro 3
Justsystems just Police 3
Justsystems ichitaro 2023
Justsystems ichitaro Government 8
Justsystems just Office 5
Justsystems just Police 5
Justsystems just Police 4
Justsystems just Office 3
Justsystems ichitaro Pro 5
Justsystems ichitaro Government 10

20 Oct 2023, 18:15

Type Values Removed Values Added
References
  • (MISC) https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1809 -

19 Oct 2023, 19:36

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-19 18:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-38128

Mitre link : CVE-2023-38128

CVE.ORG link : CVE-2023-38128


JSON object : View

Products Affected

justsystems

  • ichitaro_government_9
  • easy_postcard_max
  • just_police_3
  • just_government_4
  • ichitaro_2021
  • ichitaro_2023
  • just_police_4
  • just_police_5
  • ichitaro_government_10
  • ichitaro_pro_4
  • just_office_4
  • just_office_3
  • just_office_5
  • ichitaro_government_8
  • ichitaro_2022
  • just_government_3
  • just_government_5
  • ichitaro_pro_5
  • ichitaro_pro_3
CWE
CWE-787

Out-of-bounds Write

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')