{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-3091","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2023-06-03T23:06:19.938Z","datePublished":"2023-06-03T23:31:02.994Z","dateUpdated":"2024-08-02T06:41:04.180Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2023-10-23T07:56:04.839Z"},"title":"Captura CRYPTBASE.dll uncontrolled search path","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-427","lang":"en","description":"CWE-427 Uncontrolled Search Path"}]}],"affected":[{"vendor":"n/a","product":"Captura","versions":[{"version":"8.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Captura up to 8.0.0. It has been declared as critical. This vulnerability affects unknown code in the library CRYPTBASE.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitation appears to be difficult. The identifier of this vulnerability is VDB-230668. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."},{"lang":"de","value":"In Captura bis 8.0.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion in der Bibliothek CRYPTBASE.dll. Durch das Beeinflussen mit unbekannten Daten kann eine uncontrolled search path-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Die Komplexität eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":7,"vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseSeverity":"HIGH"}},{"cvssV3_0":{"version":"3.0","baseScore":7,"vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseSeverity":"HIGH"}},{"cvssV2_0":{"version":"2.0","baseScore":6,"vectorString":"AV:L/AC:H/Au:S/C:C/I:C/A:C"}}],"timeline":[{"time":"2023-06-03T00:00:00.000Z","lang":"en","value":"CVE reserved"},{"time":"2023-06-03T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2023-06-04T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2023-06-30T03:48:38.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"ignatiusmichael (VulDB User)","type":"analyst"}],"references":[{"url":"https://vuldb.com/?id.230668","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.230668","tags":["signature"]}],"tags":["unsupported-when-assigned"]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T06:41:04.180Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.230668","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.230668","tags":["signature","x_transferred"]}]}]}}