Submission #814456: USCiLab cereal 1.3.2 CWE-1287, CWE-843 (Type Confusion) Information

Title: USCiLab cereal 1.3.2 CWE-1287, CWE-843 (Type Confusion)

Description:
An issue was discovered in Cereal v1.3.2 and below. Insecure deserialization of shared pointers under certain conditions may lead to type confusion, resulting in potential information disclosure, control flow hijacking, and arbitrary code execution.

---

Recommended CVSS:
- CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
- Justification:
  - AV:N - In the worst case, the library parses untrusted data sent over the network.
  - AC:L - Binary exploitation techniques are well-known. Security-enhancing conditions such as ASLR and PIE could be bypassed.
  - AT:P - CVSS guidelines do not provide examples and context assessing this for software frameworks. I have decided to give this Present instead of None, because the affected library is used in vastly different manners. Not all applications using the library are vulnerable, because it is dependent on the prerequisite of deserialising untrusted input under specific conditions.
  - PR:N - In a reasonable worst case, no privileges are required to exploit.
  - UI:N - In a reasonable worst case, no user interaction is necessary to exploit.
  - VC:H - Potential impact encapsulates RCE.
  - VI:H - Potential impact encapsulates RCE.
  - VA:H - Potential impact encapsulates RCE.
  - SC:N - No scope change.
  - SI:N - No scope change.
  - SA:N - No scope change.

---

Note to moderator: The maintainer was notified on Aug. 23, 2025 and a disclosure deadline was set for 90 days. The maintainer was unreachable after multiple follow-up attempts. No patch is currently available and the disclosure deadline has expired. Let me know if you require screenshots/evidence of the CVD email chain (I am unable to upload private documents).

CVD: https://gist.github.com/TrebledJ/0223c1fa3c3fd64e2c7047b8a4385ec0
Vendor: https://github.com/USCiLab
Product: https://github.com/USCiLab/cereal

Source: https://gist.github.com/TrebledJ/0223c1fa3c3fd64e2c7047b8a4385ec0
User: trebledj (UID 94356)
Submitted: 2026-04-27 22:18 (1 month ago)
Moderated: 2026-06-07 09:45 (1 month later)
Status: Accepted
VulDB entry: 369083 [USCiLab Cereal up to 1.3.2 Shared Pointer privilege escalation]
Points: 20
