CVE-2023-42183

Source
https://cve.org/CVERecord?id=CVE-2023-42183
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-42183.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-42183
Related
  • GHSA-mgqj-hphf-9588
Published
2023-12-15T01:15:08.047Z
Modified
2026-02-05T10:05:46.167666Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

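lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick. "Post-Unicode normalization" presumably means that normalization is applied after the input has already been checked; the record does not say where in the daemon this happens. U+1FEF (GREEK VARIA) has a canonical decomposition to U+0060 (GRAVE ACCENT), so all four standard normalization forms (NFC, NFD, NFKC, NFKD) map it to the ASCII backtick. A check that inspects the string before normalization therefore never sees the character that later code receives. The general mitigation is to normalize first and apply access or character restrictions to the normalized form.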

References

Affected packages

Git / github.com/lockss/lockss-daemon

Affected ranges

Type
GIT
Repo
https://github.com/lockss/lockss-daemon
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
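Fixed
[none recorded in this range; the Details text gives 1.77.3 as the first fixed release, so a matcher that relies on this range alone will treat every commit as affected]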

Affected versions

Other
release-candidate_1-70-b1
release-candidate_1-70-b2
release-candidate_1-70-b3
release-candidate_1-71-b1
release-candidate_1-72-b1
release-candidate_1-72-b2
release-candidate_1-72-b3
release-candidate_1-72-b4
release-candidate_1-73-b1
release-candidate_1-73-b2
release-candidate_1-73-b3
release-candidate_1-74-b1
release-candidate_1-75-b1
release-candidate_1-76-b1
release-candidate_1-76-b2
release-candidate_1-76-b3
release-candidate_1-76-b4
release-candidate_1-76-b5
release-candidate_1-77-b1
release-candidate_1-77-b2
release_candidate_1-70-b4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-42183.json"
vanir_signatures
[
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/lockss/lockss-daemon/commit/fa3b512004d4abe1a1c7de16e45490909fb8ae89",
        "digest": {
            "function_hash": "78105782545441573290025444165544754049",
            "length": 472.0
        },
        "id": "CVE-2023-42183-2fc4364f",
        "deprecated": false,
        "target": {
            "file": "src/org/lockss/util/XStreamSerializer.java",
            "function": "convertAnother"
        }
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/lockss/lockss-daemon/commit/fa3b512004d4abe1a1c7de16e45490909fb8ae89",
        "digest": {
            "function_hash": "293717328863438803095393032824288609507",
            "length": 1497.0
        },
        "id": "CVE-2023-42183-307f09c5",
        "deprecated": false,
        "target": {
            "file": "src/org/lockss/util/XStreamSerializer.java",
            "function": "init"
        }
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/lockss/lockss-daemon/commit/fa3b512004d4abe1a1c7de16e45490909fb8ae89",
        "digest": {
            "function_hash": "221347515604444174158561154025210479869",
            "length": 36.0
        },
        "id": "CVE-2023-42183-38b3468d",
        "deprecated": false,
        "target": {
            "file": "src/org/lockss/util/XStreamSerializer.java",
            "function": "useXStream11XmlFriendlyMapper"
        }
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/lockss/lockss-daemon/commit/fa3b512004d4abe1a1c7de16e45490909fb8ae89",
        "digest": {
            "function_hash": "256778027088298660447438244258113615184",
            "length": 148.0
        },
        "id": "CVE-2023-42183-75d1a257",
        "deprecated": false,
        "target": {
            "file": "src/org/lockss/util/XStreamSerializer.java",
            "function": "createUnmarshallingContext"
        }
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/lockss/lockss-daemon/commit/fa3b512004d4abe1a1c7de16e45490909fb8ae89",
        "digest": {
            "function_hash": "130458012983939392062716386429971744489",
            "length": 122.0
        },
        "id": "CVE-2023-42183-a25d93af",
        "deprecated": false,
        "target": {
            "file": "src/org/lockss/util/XStreamSerializer.java",
            "function": "createMarshallingContext"
        }
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/lockss/lockss-daemon/commit/fa3b512004d4abe1a1c7de16e45490909fb8ae89",
        "digest": {
            "function_hash": "180959856393265968175379815515506203376",
            "length": 110.0
        },
        "id": "CVE-2023-42183-e9abecf2",
        "deprecated": false,
        "target": {
            "file": "src/org/lockss/util/XStreamSerializer.java",
            "function": "LockssReferenceByXPathMarshallingStrategy"
        }
    },
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/lockss/lockss-daemon/commit/fa3b512004d4abe1a1c7de16e45490909fb8ae89",
        "digest": {
            "line_hashes": [
                "139324818434813149908257414435227975984",
                "171985205994857646898618812530589780457",
                "128227567267851828999491947320642967857",
                "314074925418935914151646167109117823538",
                "105805845584482195921507411168598300623",
                "261191425755482881597815297767534035520",
                "123353786268930425475127149287792618851",
                "221605298167975733019241229503979564952",
                "338139489625069368404405961192451037286",
                "149203598454283884253934235556154311087",
                "120792415584805788353091758995067919834",
                "87940771184629901037168636135707137104",
                "203606861363600950147011211450139844450",
                "129581120264496321122019813242515191693",
                "146304379988194024310136298039706173301",
                "12480355705992355534195476639150346355",
                "34444706322066398338941355138756820242",
                "330790466228003312580589352429235832195",
                "153637959804692393057458794175839386099",
                "309033937140245746228899289044788946189",
                "42706294093986551311431488170915263924",
                "258988434303695669049256823266026813909",
                "319381037982132198400005531168475465721",
                "237898653591111693293735420159897675826",
                "226922162861987905312110469124961813643",
                "298975564525296399023403661748215350770",
                "288386123758911631500259524967662241570",
                "178623268279197225035129528011225329926",
                "159511375396531456006581847881076795270",
                "270597280780856904676359817462886952290",
                "236871539367529047040701985048852444414",
                "93161672260924647700553809033077818479",
                "133163440458114391842253496749536840530",
                "188839614358428637025612679920592956317",
                "81086943658381477749612303138834038843",
                "184922073783698866006255436405837201148",
                "200921782318533446757941888208280613930",
                "236503205135208471313140932011228099704",
                "300413547368023396047685966835049403177",
                "206916590672821999614910668811549392457",
                "324372775074939212774906540753685224859",
                "216493080320508125766207299355495757716",
                "96296558294426443640741519375241573623",
                "297073027736066523833861989271066623001",
                "133964546938193117830085465074513163756",
                "252653262379116847107711070342771879148",
                "192741782857479563833812624211614317396",
                "80176999686909802898208214607422453157",
                "318599926352912928511048051636193358319",
                "214476568356588802197369267992757012916",
                "223708221618253611596720231154824337664",
                "24365331742230917214509085398193709388",
                "269781065372208446169070967054103292558",
                "45716803818251480120388670724478757835",
                "15398502817060612564596918192324066120",
                "273161367066438107763608500429836717830",
                "258304056251005468719601308930759323793",
                "36311540177821711991616091295819180260",
                "129870369077219123624626651674367405068",
                "3752576144760603271683292673354610075",
                "197151663191992745927710729399413283013",
                "299978691998077320352739675159115875192",
                "334080463372197071557178320749635787469",
                "313248196788030007041618810684078035112",
                "339474466789139239287420851750845060719",
                "163870512505097335158681636859100847944",
                "107884321815839332386201513648884952674",
                "226315197830502253016693042860312139864",
                "88041907633785768717486410809051765931",
                "222166082185451185338091566717892398064",
                "315079875039122085900120746138409761140",
                "121664146264655555650500171437553697692",
                "235370931357363495770789693082643650411",
                "121255808765935050723263919259273234959",
                "186902410055971628595877997596433195444",
                "269149050382483847636024917418663346033",
                "31380993915399340483648739615898492314",
                "203465155788153897151160789330871263171",
                "124792224343326584945878285842258729576",
                "325869357010398970759326267646818780742",
                "129991379870334890368180527303278613589",
                "165251622423396728155541431123200984307",
                "42204964169937230440606503783266330686",
                "47478716334189668590903186905866835543",
                "245160135126150221489657729993797643644",
                "279669281642836205564706104864165988016",
                "76608199305778900570079020539182021708",
                "209996211129501122896335028442144312460",
                "236061230862772581393220896842372934819",
                "287369000501004941210342306282887586591",
                "170661579821471569059493233764834975521"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2023-42183-ff2d8ada",
        "deprecated": false,
        "target": {
            "file": "src/org/lockss/util/XStreamSerializer.java"
        }
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/lockss/lockss-daemon/commit/fa3b512004d4abe1a1c7de16e45490909fb8ae89",
        "digest": {
            "function_hash": "112507763979576327066204412776334619511",
            "length": 176.0
        },
        "id": "CVE-2023-42183-ffd23765",
        "deprecated": false,
        "target": {
            "file": "src/org/lockss/util/XStreamSerializer.java",
            "function": "LockssReferenceByXPathMarshaller"
        }
    }
]