CVE-2023-23394 | THREATINT

Description

Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability

Reserved 2023-01-11 | Published 2023-03-14 | Updated 2024-08-02 | Assigner microsoft

MEDIUM: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

Problem types

CWE-822: Untrusted Pointer Dereference

Product status

10.0.0 before 10.0.17763.4131

affected

10.0.0 before 10.0.17763.4131

affected

10.0.0 before 10.0.17763.4131

affected

10.0.0 before 10.0.20348.1607

affected

10.0.0 before 10.0.20348.1602

affected

10.0.0 before 10.0.19042.2728

affected

10.0.0 before 10.0.22000.1696

affected

10.0.0 before 10.0.19044.2728

affected

10.0.0 before 10.0.22621.1413

affected

10.0.0 before 10.0.19045.2728

affected

10.0.0 before 10.0.10240.19805

affected

10.0.0 before 10.0.14393.5786

affected

10.0.0 before 10.0.14393.5786

affected

10.0.0 before 10.0.14393.5786

affected

6.0.0 before 6.0.6003.21966

affected

6.0.0 before 6.0.6003.21966

affected

6.0.0 before 6.0.6003.21966

affected

6.1.0 before 6.1.7601.26415

affected

6.0.0 before 6.1.7601.26415

affected

6.2.0 before 6.2.9200.24168

affected

6.2.0 before 6.2.9200.24168

affected

6.3.0 before 6.3.9600.20865

affected

6.3.0 before 6.3.9600.20865

affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23394 (Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability) vendor-advisory

cve.org (CVE-2023-23394)

nvd.nist.gov (CVE-2023-23394)

Download JSON