CVE-2020-37040

EUVD-2020-30938
Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the vulnerability by pasting a specially crafted payload into the file name field during project creation, potentially executing system commands like calc.exe.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.4 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheckCNA
8.4 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
codeblocks
bookworm
undetermined
bullseye
undetermined
forky
undetermined
sid
undetermined
trixie
undetermined
Common Weakness Enumeration
References
http://www.codeblocks.org/
https://sourceforge.net/projects/codeblocks
https://www.exploit-db.com/exploits/48594
https://www.vulncheck.com/advisories/code-blocks-file-name-local-buffer-overflow