CVE-2024-23310 - Vulnerability Details - OpenCVE

A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Fedoraproject	Fedora
Libbiosig Project	Libbiosig
The Biosig Project	Libbiosig

Configuration 1 [-]

cpe:2.3:a:libbiosig_project:libbiosig:2.5.0:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRLGNQM33KAWVWP5RPMAPHWNP3IY5YW/
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1923

History

Fri, 11 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00288}`	epss `{'score': 0.00391}`

Wed, 22 Jan 2025 16:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Libbiosig Project Libbiosig Project libbiosig
Weaknesses		CWE-416
CPEs		cpe:2.3:a:libbiosig_project:libbiosig:2.5.0:::::::*
Vendors & Products		Libbiosig Project Libbiosig Project libbiosig

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2024-02-20T15:29:31.928Z

Updated: 2025-08-10T21:45:05.745Z

Reserved: 2024-01-23T13:26:50.009Z

Link: CVE-2024-23310

Vulnrichment

Updated: 2024-08-01T22:59:32.369Z

NVD

Status : Modified

Published: 2024-02-20T16:15:09.097

Modified: 2025-08-10T22:15:26.913

Link: CVE-2024-23310

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23310", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2024-01-23T13:26:50.009Z", "datePublished": "2024-02-20T15:29:31.928Z", "dateUpdated": "2025-08-10T21:45:05.745Z"}, "containers": {"cna": {"affected": [{"vendor": "The Biosig Project", "product": "libbiosig", "versions": [{"version": "2.5.0", "status": "affected"}, {"version": "Master Branch (ab0ee111)", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-825: Expired Pointer Dereference", "type": "CWE", "cweId": "CWE-825"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2025-08-10T21:45:05.745Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1923", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1923"}], "credits": [{"lang": "en", "value": "Discovered by Lilith >_> of Cisco Talos."}]}, "adp": [{"affected": [{"vendor": "fedoraproject", "product": "fedora", "cpes": ["cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "40", "status": "affected"}]}, {"vendor": "the_biosig_project", "product": "libbiosig", "cpes": ["cpe:2.3:a:the_biosig_project:libbiosig:2.5.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.5.0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-26T18:30:36.898914Z", "id": "CVE-2024-23310", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-26T18:31:01.920Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:59:32.369Z"}, "title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1923", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1923", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRLGNQM33KAWVWP5RPMAPHWNP3IY5YW/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1923", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1923", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRLGNQM33KAWVWP5RPMAPHWNP3IY5YW/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:59:32.369Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23310", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-26T18:30:36.898914Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*"], "vendor": "fedoraproject", "product": "fedora", "versions": [{"status": "affected", "version": "40"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:the_biosig_project:libbiosig:2.5.0:*:*:*:*:*:*:*"], "vendor": "the_biosig_project", "product": "libbiosig", "versions": [{"status": "affected", "version": "2.5.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-26T18:30:32.667Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by Lilith >_> of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "The Biosig Project", "product": "libbiosig", "versions": [{"status": "affected", "version": "2.5.0"}, {"status": "affected", "version": "Master Branch (ab0ee111)"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1923", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1923"}], "descriptions": [{"lang": "en", "value": "A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-825", "description": "CWE-825: Expired Pointer Dereference"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2025-08-10T21:45:05.745Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23310", "state": "PUBLISHED", "dateUpdated": "2025-08-10T21:45:05.745Z", "dateReserved": "2024-01-23T13:26:50.009Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2024-02-20T15:29:31.928Z", "assignerShortName": "talos"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libbiosig_project:libbiosig:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "A824B3CA-4F02-432F-898F-BCD206C29468", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*", "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de use-after-free en la funcionalidad sopen_FAMOS_read de The Biosig Project libbiosig 2.5.0 y Master Branch (ab0ee111). Un archivo .famos especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede proporcionar un archivo malicioso para desencadenar esta vulnerabilidad."}], "id": "CVE-2024-23310", "lastModified": "2025-08-10T22:15:26.913", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2024-02-20T16:15:09.097", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1923"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRLGNQM33KAWVWP5RPMAPHWNP3IY5YW/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1923"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-825"}], "source": "talos-cna@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}