CVE-2023-40012

CVSS v3 Score
7.5
High

Vulnerability Description

uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Versions of uthenticode prior to the 2.x series did not check Extended Key Usages in certificates, in violation of the Authenticode X.509 certificate profile. As a result, a malicious user could produce a "signed" PE file that uthenticode would verify and consider valid using an X.509 certificate that isn't entitled to produce code signatures (e.g., an SSL certificate). By design, uthenticode does not perform full-chain validation. However, the absence of EKU validation was an unintended oversight. The 2.0.0 release series includes EKU checks. There are no workarounds to this vulnerability.
