Affected Version(s)

Product                        | Affected Version(s) | Platform  | Language(s)
Deep Discovery Inspector (DDI) | 5.7 and above       | Appliance | English


Solution

Trend Micro has released the following solutions to address the issue:

Product | Updated version* | Notes  | Platform  | Availability
DDI     | 6.6 CP 1080      | Readme | Appliance | Now Available
DDI     | 6.5 CP 1166      | Readme | Appliance | Now Available

*It is recommended that customers using previous versions of DDI (before v6.5) first upgrade to the latest version and then apply the Critical Patch (CP) to resolve these issues. If this is not possible, please contact Trend Micro Support for additional assistance.

Customers are encouraged to visit Trend Micro’s Download Center to obtain prerequisite software (such as Service Packs) before applying any of the solutions above.


Vulnerability Details

CVE-2023-3823: Security issue with external entity loading in XML without enabling it
CVSSv3.1: 8.6: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling the appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entity loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down.

Please note: this description is taken from the official CVE entry for this vulnerability.
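As an added illustration, not code from the Trend Micro advisory or from PHP itself, the following function parses untrusted XML without depending on libxml's process-global entity-loading state, which is the mechanism CVE-2023-3823 describes; the loader callback, flags and sample documents are assumptions of this example.

```php
<?php
// Added example, not code from the Trend Micro advisory or from PHP itself.
// Parses untrusted XML without depending on libxml's process-global
// "load external entities" flag, the state CVE-2023-3823 says another
// module in the same process may silently flip.
declare(strict_types=1);

function parseUntrustedXml(string $xml): DOMDocument
{
    // Layer 1: entity declarations can only appear in a DOCTYPE, so refuse
    // any document that carries one before libxml ever sees it.
    if (preg_match('/<!DOCTYPE/i', $xml) === 1) {
        throw new InvalidArgumentException('XML with a DOCTYPE is not accepted');
    }

    // Layer 2: install a per-call loader that refuses every external resource.
    // This applies regardless of what the global libxml state currently says.
    libxml_set_external_entity_loader(static function ($publicId, $systemId, $context) {
        error_log('blocked external entity load: ' . (string) $systemId);
        return null; // null = resource not available
    });
    $previousErrors = libxml_use_internal_errors(true);

    try {
        $doc = new DOMDocument();
        // Explicit flags: LIBXML_NONET blocks network fetches. LIBXML_NOENT and
        // LIBXML_DTDLOAD are deliberately absent so entities are never substituted.
        if ($doc->loadXML($xml, LIBXML_NONET) === false) {
            $err = libxml_get_last_error();
            throw new RuntimeException('XML parse error: ' . ($err ? trim($err->message) : 'unknown'));
        }
        return $doc;
    } finally {
        libxml_clear_errors();
        libxml_use_internal_errors($previousErrors);
        libxml_set_external_entity_loader(null); // back to the default loader
    }
}

// Constructed sample inputs (not taken from any real product or incident).
$benign = '<?xml version="1.0"?><report><host>constructed-host</host></report>';
$withDoctype = '<?xml version="1.0"?><!DOCTYPE r [<!ENTITY x SYSTEM "file:///constructed/path">]><r>&x;</r>';

echo parseUntrustedXml($benign)->getElementsByTagName('host')->item(0)->textContent, PHP_EOL;
try {
    parseUntrustedXml($withDoctype);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Applying the patched PHP build remains the actual fix; this pattern only keeps an application's own parsing from inheriting whatever global state another module left behind.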

CVE-2023-3824: Buffer overflow and overread in phar_dir_read()
CVSSv3.1: 9.4: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading a phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, potentially leading to memory corruption or RCE.

Please note: this description is taken from the official CVE entry for this vulnerability.



Mitigating Factors

Exploiting these types of vulnerabilities generally requires that an attacker has access (physical or remote) to a vulnerable machine. In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure that policies and perimeter security are up to date.

However, even though an exploit may require several specific conditions to be met, Trend Micro strongly encourages customers to update to the latest builds as soon as possible.


External Reference(s)