Vulnerability Details : CVE-2023-3434
Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami (version 20222284) on Windows.
This allows an attacker to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami messenger.
Vulnerability category: Input validation
Products affected by CVE-2023-3434
- cpe:2.3:a:savoirfairelinux:jami:20222284:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-3434
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~34%
Percentile: the proportion of all scored vulnerabilities with an EPSS score at or below this one
CVSS scores for CVE-2023-3434
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L | 1.8 | 2.5 | Black Lantern Security | |
5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | 2.8 | 2.5 | NIST | |
CWE ids for CVE-2023-3434
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: cves@blacklanternsecurity.com (Secondary)
References for CVE-2023-3434
- https://review.jami.net/c/jami-client-qt/+/23569 — misc: avoid dirty qrc urls (I570ddf18) · Gerrit Code Review (Patch)
- https://blog.blacklanternsecurity.com/p/Jami-Local-Denial-Of-Service-and-QRC-Handler-Vulnerabilities — Black Lantern Security (BLSOPS) | Micheal Reski | Substack (Broken Link)
- https://git.jami.net/savoirfairelinux/jami-client-qt/-/wikis/Changelog#nightly-january-10 — Changelog · Wiki · savoirfairelinux / jami-client-qt · GitLab (Release Notes)