What is CVE-2023-2226?

CVE-2023-2226 is a vulnerability in Rapid7's Velociraptor versions earlier than 0.6.8 that allows an attacker to crash Velociraptor by introducing maliciously malformed files.

How does CVE-2023-2226 affect Rapid7 Velociraptor?

CVE-2023-2226 affects Rapid7 Velociraptor versions earlier than 0.6.8, allowing an attacker to crash Velociraptor during the parsing of maliciously malformed files.

What is the severity of CVE-2023-2226?

CVE-2023-2226 has a severity rating of medium with a CVSS score of 5.3.

How can an attacker exploit CVE-2023-2226?

An attacker can exploit CVE-2023-2226 by introducing maliciously malformed files to the system, causing Velociraptor to crash during parsing.

Is there a fix for CVE-2023-2226?

Yes, the fix for CVE-2023-2226 is to upgrade to Rapid7 Velociraptor version 0.6.8 or later.

Vulnerability/
CVE-2023-2226

medium

5.3

CWE

125

21/4/2023

2/8/2024

CVE-2023-2226: Velociraptor crashes while parsing some malformed PE or OLE files.

First published: Fri Apr 21 2023(Updated: )

Due to insufficient validation in the PE and OLE parsers in Rapid7's Velociraptor versions earlier than 0.6.8 allows attacker to crash Velociraptor during parsing of maliciously malformed files. For this attack to succeed, the attacker needs to be able to introduce malicious files to the system at the same time that Velociraptor attempts to collect any artifacts that attempt to parse PE files, Authenticode signatures, or OLE files. After crashing, the Velociraptor service will restart and it will still be possible to collect other artifacts.

Credit: cve@rapid7.con

Affected Software	Affected Version	How to fix
Rapid7 Velociraptor	<0.6.8

Remedy

Upgrade the clients to version 0.6.8-2

Never miss a vulnerability like this again

Reference Links

https://github.com/Velocidex/velociraptor

Frequently Asked Questions

What is CVE-2023-2226?
CVE-2023-2226 is a vulnerability in Rapid7's Velociraptor versions earlier than 0.6.8 that allows an attacker to crash Velociraptor by introducing maliciously malformed files.
How does CVE-2023-2226 affect Rapid7 Velociraptor?
CVE-2023-2226 affects Rapid7 Velociraptor versions earlier than 0.6.8, allowing an attacker to crash Velociraptor during the parsing of maliciously malformed files.
What is the severity of CVE-2023-2226?
CVE-2023-2226 has a severity rating of medium with a CVSS score of 5.3.
How can an attacker exploit CVE-2023-2226?
An attacker can exploit CVE-2023-2226 by introducing maliciously malformed files to the system, causing Velociraptor to crash during parsing.
Is there a fix for CVE-2023-2226?
Yes, the fix for CVE-2023-2226 is to upgrade to Rapid7 Velociraptor version 0.6.8 or later.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/remedy
agent/last-modified-date
agent/title
agent/references
agent/severity
agent/weakness
agent/tags
agent/author
agent/description
agent/event
agent/first-publish-date
vendor/rapid7
canonical/rapid7 velociraptor

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.