CVE-2023-43694 – Malwarebytes,
Nebula – Out-of-Bounds read

SUMMARY:

An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). An Out of bounds read in several disassembling utilities causes stability issues and denial of service.

AFFECTED VERSIONS

Malwarebytes 4 versions < 4.6.14.326
Malwarebytes 5 versions < 5.1.5.116
Nebula platform before June 2024, Endpoint Agent version < 2.0.0.64, Protection Service version < 4.6.17.334

PATCHED VERSIONS

Malwarebytes 4 versions >= 4.6.14.326 | Component version 1.0.2348 , Update Package version >= 1.0.85245
Malwarebytes 5 versions >= 5.1.5.116 | Component version 1.0.1252 , Update Package version >= 1.0.85245
Nebula platform June 2024, Endpoint Agent version >= 2.0.0.64, Protection Service version >= 4.6.17.334

MITIGATION ADVICE

We recommend upgrading the affected endpoints to the patched versions.

DETAILS

CWE	CVS 3.x	Vector
CWE-125: Out-of-bounds Read	5.2 Medium	Local

RECOGNITION

X41-Dsec

REFERENCES

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43694

CVE-2023-43694 – Malwarebytes,Nebula – Out-of-Bounds read