CVE-2023-40222

High CVSS: 8.4

In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build (1204.200), the affected application lacks proper validation of user-supplied data when parsing CO files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.

Vendor

Ashlar

Product

Cobalt

CWE

CWE-122

Yayın Tarihi

2025-02-04 23:15:08

Güncelleme

2025-09-16 16:54:40

Source Identifier

ics-cert@hq.dhs.gov

KEV Date Added

Kategoriler

CWE-122 Cobalt HIGH Ashlar 2025

Referanslar

https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-03

Benzer Kayıtlar

High

CVE-2025-65084

An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share version…

High

CVE-2025-65085

A Heap-based Buffer Overflow vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v…

High

CVE-2025-11463

Ashlar-Vellum Cobalt XE File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows rem…

High

CVE-2025-11464

Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability…

High

CVE-2025-11465

Ashlar-Vellum Cobalt CO File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remot…

High

CVE-2025-8000

Ashlar-Vellum Cobalt LI File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remot…