CVE-2024-23809 - Vulnerability Details - OpenCVE

A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fedoraproject	Fedora
Libbiosig Project	Libbiosig

Configuration 1 [-]

cpe:2.3:a:libbiosig_project:libbiosig:2.5.0:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRLGNQM33KAWVWP5RPMAPHWNP3IY5YW/
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1919

History

Wed, 22 Jan 2025 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Fedoraproject Fedoraproject fedora Libbiosig Project Libbiosig Project libbiosig
CPEs		cpe:2.3:a:libbiosig_project:libbiosig:2.5.0:::::::* cpe:2.3:o:fedoraproject:fedora:40:::::::*
Vendors & Products		Fedoraproject Fedoraproject fedora Libbiosig Project Libbiosig Project libbiosig

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2024-02-20T15:29:33.826Z

Updated: 2025-02-13T17:39:52.268Z

Reserved: 2024-01-22T16:48:21.699Z

Link: CVE-2024-23809

Vulnrichment

Updated: 2024-08-01T23:13:08.428Z

NVD

Status : Analyzed

Published: 2024-02-20T16:15:10.003

Modified: 2025-01-22T14:43:30.827

Link: CVE-2024-23809

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23809", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2024-01-22T16:48:21.699Z", "datePublished": "2024-02-20T15:29:33.826Z", "dateUpdated": "2025-02-13T17:39:52.268Z"}, "containers": {"cna": {"affected": [{"vendor": "The Biosig Project", "product": "libbiosig", "versions": [{"version": "2.5.0", "status": "affected"}, {"version": "Master Branch (ab0ee111)", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-415: Double Free", "type": "CWE", "cweId": "CWE-415"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-04-02T15:06:09.569Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1919", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1919"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRLGNQM33KAWVWP5RPMAPHWNP3IY5YW/"}], "credits": [{"lang": "en", "value": "Discovered by Lilith >_> of Cisco Talos."}]}, "adp": [{"affected": [{"vendor": "fedoraproject", "product": "fedora", "cpes": ["cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "40", "status": "affected"}]}, {"vendor": "the_biosig_project", "product": "libbiosig", "cpes": ["cpe:2.3:a:the_biosig_project:libbiosig:2.5.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.5.0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-26T18:23:21.696064Z", "id": "CVE-2024-23809", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-26T18:23:26.780Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:08.428Z"}, "title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1919", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1919", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRLGNQM33KAWVWP5RPMAPHWNP3IY5YW/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1919", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1919", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRLGNQM33KAWVWP5RPMAPHWNP3IY5YW/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:08.428Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23809", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-26T18:23:21.696064Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*"], "vendor": "fedoraproject", "product": "fedora", "versions": [{"status": "affected", "version": "40"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:the_biosig_project:libbiosig:2.5.0:*:*:*:*:*:*:*"], "vendor": "the_biosig_project", "product": "libbiosig", "versions": [{"status": "affected", "version": "2.5.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-26T18:23:10.543Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by Lilith >_> of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "The Biosig Project", "product": "libbiosig", "versions": [{"status": "affected", "version": "2.5.0"}, {"status": "affected", "version": "Master Branch (ab0ee111)"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1919", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1919"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRLGNQM33KAWVWP5RPMAPHWNP3IY5YW/"}], "descriptions": [{"lang": "en", "value": "A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-415", "description": "CWE-415: Double Free"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-02-20T18:00:08.887Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23809", "state": "PUBLISHED", "dateUpdated": "2024-08-01T23:13:08.428Z", "dateReserved": "2024-01-22T16:48:21.699Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2024-02-20T15:29:33.826Z", "assignerShortName": "talos"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libbiosig_project:libbiosig:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "A824B3CA-4F02-432F-898F-BCD206C29468", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*", "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de doble liberaci\u00f3n en la funcionalidad BrainVision ASCII Header Parsing de The Biosig Project libbiosig 2.5.0 y Master Branch (ab0ee111). Un archivo .vdhr especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede proporcionar un archivo malicioso para desencadenar esta vulnerabilidad."}], "id": "CVE-2024-23809", "lastModified": "2025-01-22T14:43:30.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2024-02-20T16:15:10.003", "references": [{"source": "talos-cna@cisco.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRLGNQM33KAWVWP5RPMAPHWNP3IY5YW/"}, {"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1919"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRLGNQM33KAWVWP5RPMAPHWNP3IY5YW/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1919"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}