{"id":34577,"date":"2025-05-05T12:11:36","date_gmt":"2025-05-05T12:11:36","guid":{"rendered":""},"modified":"2025-05-07T00:18:28","modified_gmt":"2025-05-07T00:18:28","slug":"cve-2023-35702-stack-based-buffer-overflow-vulnerability-in-gtkwave-3-3-115","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2023-35702-stack-based-buffer-overflow-vulnerability-in-gtkwave-3-3-115\/","title":{"rendered":"CVE-2023-35702: Stack-Based Buffer Overflow Vulnerability in GTKWave 3.3.115<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

In the realm of cybersecurity, it is crucial to stay ahead of potential threats. A new vulnerability, identified as CVE-2023-35702, has emerged that poses a significant threat to systems running GTKWave 3.3.115. GTKWave is a fully featured GTK+ based wave viewer primarily intended for use with electronics design automation (EDA) simulation software. The vulnerability lies within the FST LEB128 varint functionality of GTKWave, which if exploited, could lead to arbitrary code execution<\/a>.
\nThis vulnerability matters because it has the potential to compromise systems<\/a> or leak sensitive data. This becomes particularly dangerous when considering that a victim would only need to open a malicious .fst file to trigger the vulnerability<\/a>. Hence, it is of utmost importance for system administrators and users to understand the risks associated with this vulnerability<\/a>.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2023-35702
\nSeverity: High (7.8)
\nAttack Vector: Local
\nPrivileges Required: None
\nUser Interaction: Required
\nImpact: Potential system<\/a> compromise or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n