CVE-2023-37378

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-37378
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-37378.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-37378
Downstream
Related
Published
2023-07-03T20:15:09.620Z
Modified
2026-02-11T13:31:40.272929Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory.

References

Affected packages

Git / github.com/nsis-dev/nsis

Affected ranges

Type
GIT
Repo
https://github.com/nsis-dev/nsis
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
281e2851fe669d10e0650fc89d0e7fb74a598967
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
409b5841479c44fbf33a6ba97c1146e46f965467
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
c40cf78994e74a1a3a381a850c996b251e3277c0

Affected versions

Other
v20
v201
v202
v203
v204
v205
v206
v207
v207b0
v208
v20b1
v20b2
v20b3
v20b4
v20rc1
v20rc2
v20rc3
v20rc4
v210
v211
v212
v213
v214
v215
v216
v217
v218
v219
v220
v221
v222
v223
v224
v225
v226
v227
v228
v229
v230
v231
v232
v233
v234
v235
v236
v237
v238
v239
v240
v241
v242
v243
v244
v245
v246
v30
v301
v3021
v303
v304
v305
v306
v3061
v307
v308
v30a1
v30a2
v30b0
v30b1
v30b2
v30b3
v30rc1
v30rc2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-37378.json"
vanir_signatures 
[
    {
        "signature_version": "v1",
        "id": "CVE-2023-37378-1f336d60",
        "source": "https://github.com/nsis-dev/nsis/commit/409b5841479c44fbf33a6ba97c1146e46f965467",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "324958057323643130586345113791539764096",
                "117616857455475812510142102486678823590",
                "324850355286303962528828379944142614501",
                "94954054456980137786801492744165139778"
            ]
        },
        "target": {
            "file": "Source/exehead/util.c"
        },
        "signature_type": "Line",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "id": "CVE-2023-37378-3ed50a8d",
        "source": "https://github.com/nsis-dev/nsis/commit/281e2851fe669d10e0650fc89d0e7fb74a598967",
        "digest": {
            "function_hash": "245933394105413283240663427846959844977",
            "length": 522.0
        },
        "target": {
            "file": "Source/exehead/util.c",
            "function": "CreateRestrictedDirectory"
        },
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "id": "CVE-2023-37378-4ed685ba",
        "source": "https://github.com/nsis-dev/nsis/commit/c40cf78994e74a1a3a381a850c996b251e3277c0",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "205744561973775269651107642572445994130",
                "318226947357004643801961787513007645112",
                "22377454815862611238583843888994961789",
                "198955177541348463245871621405650975716",
                "21713101335872706789385815948976383873",
                "212021956742019196002972883903204928602"
            ]
        },
        "target": {
            "file": "Source/exehead/Main.c"
        },
        "signature_type": "Line",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "id": "CVE-2023-37378-66428610",
        "source": "https://github.com/nsis-dev/nsis/commit/281e2851fe669d10e0650fc89d0e7fb74a598967",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "326141712043076416526136596523430540743",
                "202982482643067989298280844419095220382",
                "24263019519671736427181619813841818864",
                "189704634293646577263530309866634631379",
                "3146274400194407823793192805166777700",
                "322755437027658954649796029100613919458",
                "85661416849814806130203934723416872477",
                "51215092847227404712084550922762011336",
                "313717456832945400106721311441839891853",
                "57510050877321720187454097656411127526",
                "98686635033574899021195805781878172080"
            ]
        },
        "target": {
            "file": "Source/exehead/util.c"
        },
        "signature_type": "Line",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "id": "CVE-2023-37378-683dff34",
        "source": "https://github.com/nsis-dev/nsis/commit/c40cf78994e74a1a3a381a850c996b251e3277c0",
        "digest": {
            "function_hash": "84101798849291658191185921424481713326",
            "length": 7168.0
        },
        "target": {
            "file": "Source/exehead/Main.c",
            "function": "NSISWinMainNOCRT"
        },
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "id": "CVE-2023-37378-9a95f4f9",
        "source": "https://github.com/nsis-dev/nsis/commit/281e2851fe669d10e0650fc89d0e7fb74a598967",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "330747107025817459460812397665623240370",
                "192542784115639272777968930244041434538",
                "28918449838761000964390576299328945104",
                "140309671072166091083619161475956417937",
                "192913407631971418116817235182798046963"
            ]
        },
        "target": {
            "file": "Source/build.cpp"
        },
        "signature_type": "Line",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "id": "CVE-2023-37378-a9a8ad41",
        "source": "https://github.com/nsis-dev/nsis/commit/281e2851fe669d10e0650fc89d0e7fb74a598967",
        "digest": {
            "function_hash": "268958813105703448559889959580320807284",
            "length": 7120.0
        },
        "target": {
            "file": "Source/exehead/Main.c",
            "function": "NSISWinMainNOCRT"
        },
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "id": "CVE-2023-37378-ebfbcc44",
        "source": "https://github.com/nsis-dev/nsis/commit/281e2851fe669d10e0650fc89d0e7fb74a598967",
        "digest": {
            "function_hash": "216184667392552618939447548904334110197",
            "length": 496.0
        },
        "target": {
            "file": "Source/build.cpp",
            "function": "CEXEBuild::AddStandardStrings"
        },
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "id": "CVE-2023-37378-f96d0ac5",
        "source": "https://github.com/nsis-dev/nsis/commit/281e2851fe669d10e0650fc89d0e7fb74a598967",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "60543037167232676067549862839017220593",
                "76046088486453568946336336722720563975",
                "275640915613554648152563760476393195678",
                "172676567540280631963649980876456781514",
                "4289035430264387161276554649485414837",
                "291520104958682271676366889532797284590",
                "162135200464859797397507481780335903973",
                "85226076787956403500313454633934366283",
                "233432201394001661051155709591834078895",
                "313874196478770005358584940841620236403",
                "160653053246226962671467081784280584519",
                "221222718719831732657784172275636846018",
                "247806732783732742629530897144882437358",
                "200250014606682383813935174808415964487",
                "150533182142403155017917992531036182334",
                "139963057636399141210237298990742456137",
                "44501027052060518232755270189537024105",
                "113071475526878485971776268039702823427",
                "122864058405360369512309200936464639512",
                "223179574942757062959591364325928774728",
                "98032065988930303444066284287075984383",
                "164950581094023096263630925339827005326",
                "279948318976633098179475554496007811596",
                "67209035163701503300638619594651603987",
                "229007476203784657544402366885108667631",
                "179549671273348806821548131167239526405",
                "303993718806375606604641388294266553298",
                "201473867717459035062995724688689687325",
                "119394310189101375440086207481608574445",
                "33111018883604039292587137378230719654",
                "173825978292864369792481519406267853609",
                "237570166645348850479640077180332630435",
                "272013930704657037434137343990911428054",
                "75493550936600032105303780860033650504",
                "225068793697838432106127259804466543092",
                "260275924475928678392964062323325008452",
                "65533719156362105250301084449697781109",
                "336838171282105654712498653543023844572",
                "163278874613214724575856359767770856499",
                "111725296115406526554234627055903835505",
                "69153807055451316838089752882424565985",
                "117170084492708316349714162838958332660"
            ]
        },
        "target": {
            "file": "Source/exehead/Main.c"
        },
        "signature_type": "Line",
        "deprecated": false
    }
]