CVE-2023-49287
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-49287
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49287.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-49287
- Aliases
-
- GHSA-jf5r-wgf4-qhxf
- Downstream
- Published
- 2023-12-04T05:29:10.673Z
- Modified
- 2025-12-05T00:12:11.606397Z
- Severity
-
- 7.7 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
- Summary
- Buffer overflow vulnerabilities in tinydir
- Details
-
TinyDir is a lightweight C directory and file reader. Buffer overflows in the
tinydir_file_open()function. This vulnerability has been patched in version 1.2.6. - Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-120", "CWE-121" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/49xxx/CVE-2023-49287.json" }- References
-
- http://packetstormsecurity.com/files/176060/TinyDir-1.2.5-Buffer-Overflow.html
- http://seclists.org/fulldisclosure/2023/Dec/14
- http://www.openwall.com/lists/oss-security/2023/12/04/1
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/49xxx/CVE-2023-49287.json
- https://github.com/cxong/tinydir/releases/tag/1.2.6
- https://github.com/cxong/tinydir/security/advisories/GHSA-jf5r-wgf4-qhxf
- https://nvd.nist.gov/vuln/detail/CVE-2023-49287
Affected packages
Git / github.com/cxong/tinydir
Affected ranges
- Type
- GIT
- Repo
- https://github.com/cxong/tinydir
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
vanir_signatures
[
{
"target": {
"function": "cbehave_feature_return",
"file": "tests/cbehave/cbehave.c"
},
"digest": {
"length": 289.0,
"function_hash": "100955065264102046859660153556267098132"
},
"signature_version": "v1",
"source": "https://github.com/cxong/tinydir/commit/6ba79293a5e4ea015343e20453b4f4595c644515",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2023-49287-599651e0"
},
{
"target": {
"file": "tests/util.h"
},
"digest": {
"line_hashes": [
"272921278666425903396738736215084152963"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/cxong/tinydir/commit/6ba79293a5e4ea015343e20453b4f4595c644515",
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2023-49287-6ced01ad"
},
{
"target": {
"file": "tests/file_open_test.c"
},
"digest": {
"line_hashes": [
"247939236100419179412904358457676181494",
"262082151054462152389237901206614994986",
"319126859735793752250616234767721382209",
"164787165907148255575618162019178396807",
"337765245028442784659344998827828672797",
"97559214998573510576615112469964267782"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/cxong/tinydir/commit/6ba79293a5e4ea015343e20453b4f4595c644515",
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2023-49287-95e39888"
},
{
"target": {
"file": "tests/cbehave/cbehave.c"
},
"digest": {
"line_hashes": [
"309175903586626870985260149813828716122",
"261018211257445440148970508772908020838",
"327874104677963210362519558400065361232",
"142577915932571726318089064973411331838",
"323553054637087553269669098340637150836",
"204778325949517249635160907066853502183",
"103917059727408472488933398652596065401",
"169787956273963538054727691425061207886",
"210008578361725699263096056948199807336"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/cxong/tinydir/commit/6ba79293a5e4ea015343e20453b4f4595c644515",
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2023-49287-c8721277"
}
]