CVE-2023-34312
First published: Thu Jun 01 2023(Updated: )
In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tencent QQ | >=9.7.1.28940<=9.7.8.29039 | |
| Tencent Tim | >=3.4.5.22071<=3.4.7.22084 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2023-34312.
What is the severity level of CVE-2023-34312?
CVE-2023-34312 has a severity level of 7.8 (high).
Which software versions are affected by CVE-2023-34312?
CVE-2023-34312 affects Tencent QQ versions 9.7.1.28940 to 9.7.8.29039 and Tencent TIM versions 3.4.5.22071 to 3.4.7.22084.
What is the nature of this vulnerability?
CVE-2023-34312 is a write-what-where vulnerability in Tencent QQ and TIM, caused by a failure to validate pointers from inter-process communication.
Is there a fix available for CVE-2023-34312?
At the time of writing, there is no known fix available for CVE-2023-34312. It is recommended to update to the latest version of Tencent QQ and TIM when a fix becomes available.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- collector/nvd-latest
- vendor/tencent
- canonical/tencent qq
- version/tencent qq/9.7.1.28940
- version/tencent qq/9.7.8.29039
- canonical/tencent tim
- version/tencent tim/3.4.5.22071
- version/tencent tim/3.4.7.22084