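UTF32Encoding.cpp in POCO has an integer overflow in Poco::UTF32Encoding that results in a stack buffer overflow: Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0. Note that the signature records shown here all target Net/testsuite/src/PollSetTest.cpp rather than UTF32Encoding.cpp, so they do not cover the affected conversion routines themselves; confirm exposure from the installed POCO version against the fixed releases listed above.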
[
{
"id": "CVE-2023-52389-8202989a",
"deprecated": false,
"digest": {
"function_hash": "126883128126587547121600965683116656677",
"length": 1234.0
},
"signature_version": "v1",
"target": {
"function": "PollSetTest::testPollClosedServer",
"file": "Net/testsuite/src/PollSetTest.cpp"
},
"source": "https://github.com/pocoproject/poco/commit/c04dfdbc37882f298d3178b3875cd67c38ea7d78",
"signature_type": "Function"
},
{
"id": "CVE-2023-52389-92f17f2d",
"deprecated": false,
"digest": {
"line_hashes": [
"166566207177569981508404787797303450977",
"200834539691035532703805633077402808295",
"227024929473728131459429144454479154318",
"220939589686258297239414893012708816442",
"84563950730046874683412812982367857665",
"210289698902590027770564757520703659669",
"260122820420695317679912485832455987026",
"230575208433791883324013744487275303479",
"125228202620450517784499599589372952081",
"22221409162926150470736206920339824397",
"91697861132533746477486978677291576093",
"127847113591037219025284467363185575194",
"11867490700539746995475217055593655826",
"323728365972641088151803934258321089967",
"2334946090901889020265750462325506786",
"186218063033257477311986158425325260643",
"220150218587801531736233715123433297489",
"70196389753199218269082551521150327374",
"264454140720801229051524741037909453475",
"185252031334567489262225381029448673263",
"218023919738659689631907406500401543586",
"231533809356319591876391997719220100046",
"122605060586929319982349802338753077278",
"248846186946991954874839252018121031229",
"254254484712003914140956962103713752941",
"328196513204281611578773485859840028529",
"203553281496114822945573639250012387323",
"49945010813935130229797048583749371331",
"232463501574571137563959329837996994918",
"189610670729471747632316542088090913961",
"292117270598071783409064335371925449355",
"206844497135528682449059717385280024781",
"275986280831851240207484963541071060196",
"276558151698189291298228472266322789882",
"22737128091337379819550154732454465992",
"127847113591037219025284467363185575194",
"70017186946833151220887989802262066825",
"83860233284191769754215926870225793962",
"219724506762597428798022305588886227394",
"64966893375994393306717493277879445143",
"157052514520566624269664472488873919570",
"331218745122811142535528882054067924655",
"69941516086681283324936602641530231088",
"305963931650328606558061699951284854266",
"142914350001098528456909098544885376181",
"50546443310300644483146355232184462008",
"20669134903330516583942087384435469298"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "Net/testsuite/src/PollSetTest.cpp"
},
"source": "https://github.com/pocoproject/poco/commit/c04dfdbc37882f298d3178b3875cd67c38ea7d78",
"signature_type": "Line"
},
{
"id": "CVE-2023-52389-e1d078c6",
"deprecated": false,
"digest": {
"function_hash": "194312175087690824129882857276332706724",
"length": 826.0
},
"signature_version": "v1",
"target": {
"function": "PollSetTest::testPollNoServer",
"file": "Net/testsuite/src/PollSetTest.cpp"
},
"source": "https://github.com/pocoproject/poco/commit/c04dfdbc37882f298d3178b3875cd67c38ea7d78",
"signature_type": "Function"
}
]
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52389.json"