VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-kprc-dzr5-aaaj

Essentials
Severities (91)
References (11)
Severity details (8)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-kprc-dzr5-aaaj
Aliases	CVE-2023-52389
Summary	UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0.
Status	Published
Exploitability	0.5
Weighted Severity	8.8
Risk	4.4
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-190	Integer Overflow or Wraparound
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00119	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00538	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00538	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00538	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00538	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00538	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00538	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00538	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00538	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00538	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00538	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00538	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00538	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00538	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.00538	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
epss	0.01339	https://api.first.org/data/v1/epss?cve=CVE-2023-52389
cvssv3.1	9.8	https://github.com/pocoproject/poco/compare/poco-1.12.5p2-release...poco-1.13.0-release
ssvc	Track	https://github.com/pocoproject/poco/compare/poco-1.12.5p2-release...poco-1.13.0-release
cvssv3.1	9.8	https://github.com/pocoproject/poco/issues/4320
ssvc	Track	https://github.com/pocoproject/poco/issues/4320
cvssv3	9.8	https://nvd.nist.gov/vuln/detail/CVE-2023-52389
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2023-52389
cvssv3.1	9.8	https://pocoproject.org/blog/?p=1226
ssvc	Track	https://pocoproject.org/blog/?p=1226

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2023-52389
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52389
		https://github.com/pocoproject/poco/compare/poco-1.12.5p2-release...poco-1.13.0-release
		https://github.com/pocoproject/poco/issues/4320
		https://lists.debian.org/debian-lts-announce/2025/01/msg00017.html
		https://pocoproject.org/blog/?p=1226
cpe:2.3:a:pocoproject:poco::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pocoproject:poco::::::::
cpe:2.3:a:pocoproject:poco:1.11.8:-::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pocoproject:poco:1.11.8:-::::::
cpe:2.3:a:pocoproject:poco:1.11.8:p1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pocoproject:poco:1.11.8:p1::::::
cpe:2.3:a:pocoproject:poco:1.12.5:-::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pocoproject:poco:1.12.5:-::::::
CVE-2023-52389		https://nvd.nist.gov/vuln/detail/CVE-2023-52389

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pocoproject/poco/compare/poco-1.12.5p2-release...poco-1.13.0-release

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-09T23:34:09Z/ Found at https://github.com/pocoproject/poco/compare/poco-1.12.5p2-release...poco-1.13.0-release

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pocoproject/poco/issues/4320

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-09T23:34:09Z/ Found at https://github.com/pocoproject/poco/issues/4320

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-52389

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-52389

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://pocoproject.org/blog/?p=1226

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-09T23:34:09Z/ Found at https://pocoproject.org/blog/?p=1226

Exploit Prediction Scoring System (EPSS)

Percentile	0.28532
EPSS Score	0.00063
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
2024-01-27T11:37:29.553757+00:00	NVD Importer	Import	https://nvd.nist.gov/vuln/detail/CVE-2023-52389	34.0.0rc2