What is the vulnerability ID for this security issue?

The vulnerability ID for this security issue is CVE-2023-39427.

What is the severity of CVE-2023-39427?

The severity of CVE-2023-39427 is high.

Which software applications are affected by CVE-2023-39427?

Ashlar Cobalt, Ashlar Graphite, Ashlar Xenon, Ashlar Argon, and Ashlar Lithium are affected by CVE-2023-39427.

How can an attacker exploit CVE-2023-39427?

An attacker can exploit CVE-2023-39427 to execute arbitrary code on a vulnerable system.

Vulnerability/
CVE-2023-39427

high

7.8

CWE

787

26/10/2023

16/1/2025

CVE-2023-39427: Ashlar-Vellum Cobalt, Xenon, Argon, Lithium Out-of-bounds Write

Q: What is the vulnerability description for CVE-2023-39427?

CVE-2023-39427 is an out-of-bounds write vulnerability in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12 SP0 Build (1204.77) that occurs due to lack of proper validation of user-supplied data when parsing XE files.

First published: Thu Oct 26 2023(Updated: )

In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12 SP0 Build (1204.77), the affected applications lack proper validation of user-supplied data when parsing XE files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Ashlar Cobalt	<=12
Ashlar Graphite	<=13.0.48
Ashlar Xenon	<=12
Ashlar Argon	<=12
Ashlar Lithium	<=12

Remedy

Ashlar-Vellum recommends users apply the following mitigations to help reduce risk: * Cobalt, Xenon, Lithium, and Argon share update v12 https://download.ashlar.com/v12/ Build (1204.78). * Only open files from trusted sources.

Never miss a vulnerability like this again

Reference Links

https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-03

Frequently Asked Questions

What is the vulnerability ID for this security issue?
The vulnerability ID for this security issue is CVE-2023-39427.
What is the severity of CVE-2023-39427?
The severity of CVE-2023-39427 is high.
Which software applications are affected by CVE-2023-39427?
Ashlar Cobalt, Ashlar Graphite, Ashlar Xenon, Ashlar Argon, and Ashlar Lithium are affected by CVE-2023-39427.
What is the vulnerability description for CVE-2023-39427?
CVE-2023-39427 is an out-of-bounds write vulnerability in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12 SP0 Build (1204.77) that occurs due to lack of proper validation of user-supplied data when parsing XE files.
How can an attacker exploit CVE-2023-39427?
An attacker can exploit CVE-2023-39427 to execute arbitrary code on a vulnerable system.

collector/nvd-api
agent/tags
agent/event
agent/severity
agent/title
agent/weakness
agent/author
agent/references
agent/type
agent/description
agent/remedy
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
vendor/ashlar
canonical/ashlar cobalt
version/ashlar cobalt/12
canonical/ashlar graphite
version/ashlar graphite/13.0.48
canonical/ashlar xenon
version/ashlar xenon/12
canonical/ashlar argon
version/ashlar argon/12
canonical/ashlar lithium
version/ashlar lithium/12

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.