CVE-2022-23803

7.8 HIGH

📋 TL;DR

A stack-based buffer overflow in the Gerber and Excellon (drill) file parsers of KiCad EDA's Gerber Viewer lets a specially crafted file execute arbitrary code with the privileges of the user who opens it. Anyone who opens an untrusted Gerber or Excellon file in an unpatched KiCad is affected. The parser is not network-exposed, but these files are routinely exchanged with fabrication houses and by e-mail, so delivering one to a victim is easy; the code runs as that user, and becomes a full system compromise only if the user is privileged or a second bug is chained.

💻 Affected Systems

Products:
  • KiCad EDA
Versions: 6.0.1 and earlier releases; the master branch at commit de006fc010 was also confirmed vulnerable. The fix shipped in 6.0.2.
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: The Gerber Viewer (gerbview) and its parsers are part of every KiCad installation and there is no setting that disables them, so any unpatched install is vulnerable the moment a crafted file is opened.

📦 What is this software?

KiCad EDA is a free, open-source suite for schematic capture and printed-circuit-board layout. Gerber (RS-274X) and Excellon are the industry-standard file formats for PCB layer artwork and drill data; KiCad's Gerber Viewer (gerbview) loads them so engineers can check fabrication outputs before sending them to a board house, which is why such files are routinely received from third parties.
⚠️ Risk & Real-World Impact

🔴

Worst Case

Arbitrary code execution with the privileges of the user who opened the file. On a workstation where that user is a local administrator, or where the payload chains a separate privilege-escalation flaw, this is complete control of the machine.

🟠

Likely Case

Malware installation, credential theft, or exfiltration of design data under the victim's own account after a crafted Gerber/Excellon file is opened, for example one delivered as a "fab output" e-mail attachment. The bug itself grants no privilege escalation.

🟢

If Mitigated

Low impact where users open only files from known fabrication partners, open unfamiliar files in a sandbox or VM, and run KiCad as a non-administrative user.

🌐 Internet-Facing: LOW - KiCad is desktop software and never listens on the network; the only remote delivery path is a malicious file sent by e-mail, download or shared repository.
🏢 Internal Only: MEDIUM - An engineering workstation compromised through a crafted file gives an attacker a foothold, with the user's credentials and network access, from which to move laterally.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: No public reports of in-the-wild exploitation; a working exploit is feasible given the published analysis
Unauthenticated Exploit: ⚠️ Yes (no authentication is involved; the only gate is the victim opening the file)
Complexity: LOW

Exploitation requires user interaction: the victim must open the crafted Gerber or Excellon file in KiCad. The vulnerability was found by Cisco Talos, whose advisory describes the parsing bug and the crash it produces.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: KiCad 6.0.2 and later

Vendor Advisory: https://www.kicad.org/

Restart Required: KiCad only. Close every KiCad application (including any open Gerber Viewer) so the patched binaries are loaded; no system reboot is needed.

Instructions:

1. Close all running KiCad applications.
2. Obtain KiCad 6.0.2 or later from the same channel the existing install came from: the official website on Windows and macOS; the distribution package, the KiCad PPA, or Flatpak (org.kicad.KiCad) on Linux.
3. Uninstall the previous version if your installer does not upgrade in place, then install the new one.
4. Relaunch KiCad and confirm the version in Help → About KiCad.

🔧 Temporary Workarounds

File validation (applies to: all platforms)

Open Gerber/Excellon files only from sources you can verify (a known fabrication partner, a signed release artefact), confirm integrity with a hash or signature supplied out of band, and reject files that look malformed (unusual size, binary content, extremely long lines) before they reach the parser.

Sandbox execution (applies to: all platforms)

Open files of unknown origin in an isolated environment such as a disposable VM or a restricted container/user account with no access to credentials, source repositories or production networks.
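The "file validation" workaround above is only useful if something actually inspects the file. The following is an added example, written for this page and not part of KiCad or of the Talos advisory: a heuristic pre-screen that rejects Gerber/Excellon inputs with properties a parser built on fixed-size stack buffers is most likely to mishandle (very long lines, very long single commands, very long digit runs, binary bytes, oversized files). The MAX_* limits are assumed bounds for realistic fab output, not values from the KiCad sources, and the sample files are constructed. Passing the screen does not prove a file is safe; it removes the crude cases before the file is opened in a sandbox.

```python
"""Added example, not part of KiCad and not derived from the advisory's
trigger details: a heuristic pre-screen for Gerber/Excellon files before
they reach an unpatched parser. The MAX_* limits are assumptions about
real fab output, not values from the KiCad code base; the sample files
at the bottom are constructed."""
import re
from typing import List

MAX_FILE_BYTES = 64 * 1024 * 1024     # assumption: larger fab outputs are rare
MAX_LINE_LEN = 4096                   # assumption: both formats are line oriented in practice
MAX_BLOCK_LEN = 512                   # assumption: one Gerber command between '*' terminators
MAX_DIGIT_RUN = 40                    # assumption: no real coordinate needs more digits
ALLOWED_CONTROL = {0x09, 0x0A, 0x0D}  # tab, LF, CR are the only control bytes expected

_DIGITS = re.compile(rb"[0-9]+")


def screen_bytes(data: bytes) -> List[str]:
    """Return a list of findings; an empty list means the file passed the screen."""
    findings: List[str] = []
    if len(data) > MAX_FILE_BYTES:
        findings.append(f"file size {len(data)} exceeds {MAX_FILE_BYTES}")
    binary = sum(1 for b in data if (b < 0x20 and b not in ALLOWED_CONTROL) or b > 0x7E)
    if binary:
        findings.append(f"{binary} non-printable/non-ASCII bytes")
    for lineno, line in enumerate(data.splitlines(), start=1):
        if len(line) > MAX_LINE_LEN:
            findings.append(f"line {lineno}: length {len(line)} exceeds {MAX_LINE_LEN}")
        # Gerber: commands end with '*', extended commands are wrapped in '%'.
        # Excellon has neither, so the whole line is one block and the line
        # check above already covers it.
        for block in line.replace(b"%", b"*").split(b"*"):
            if len(block) > MAX_BLOCK_LEN:
                findings.append(f"line {lineno}: command block of {len(block)} bytes exceeds {MAX_BLOCK_LEN}")
        longest = max((len(m.group(0)) for m in _DIGITS.finditer(line)), default=0)
        if longest > MAX_DIGIT_RUN:
            findings.append(f"line {lineno}: digit run of {longest} exceeds {MAX_DIGIT_RUN}")
    return findings


def screen_file(path: str) -> List[str]:
    """Screen a file on disk; same return convention as screen_bytes()."""
    with open(path, "rb") as fh:
        return screen_bytes(fh.read())


def is_clean(data: bytes) -> bool:
    return not screen_bytes(data)


# Constructed samples: a minimal RS-274X Gerber, a minimal Excellon drill
# file, and a "file" carrying an absurdly long X coordinate.
CLEAN_GERBER = b"""%FSLAX34Y34*%
%MOMM*%
%ADD10C,0.100000*%
D10*
X1000Y1000D02*
X2000Y2000D01*
M02*
"""
CLEAN_EXCELLON = b"""M48
FMAT,2
METRIC
T1C0.800
%
T1
X010000Y010000
M30
"""
OVERSIZED = b"%FSLAX34Y34*%\nX" + b"9" * 5000 + b"Y1000D01*\nM02*\n"

if __name__ == "__main__":
    for name, sample in (("gerber", CLEAN_GERBER), ("excellon", CLEAN_EXCELLON), ("oversized", OVERSIZED)):
        print(name, "->", screen_bytes(sample) or "ok")
```

Run it as a pre-commit or mail-gateway hook on every `.gbr`/`.drl` that arrives from outside; anything with findings goes to the sandbox VM, never to a desktop KiCad. The limits are deliberately generous so that legitimate fab output passes; tighten them against a corpus of your own files before relying on the digit-run or block checks.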

🧯 If You Can't Patch

  • KiCad has no switch that turns the Gerber/Excellon parsers off; they live in the Gerber Viewer (gerbview) executable. Where the viewer is not needed, remove or restrict execution of that binary and drop the file associations for Gerber/drill extensions (.gbr, .gbl, .gtl, .drl and similar) so files are not opened by double-click.
  • Block or quarantine Gerber/Excellon attachments at the mail gateway, run KiCad as a non-administrative user, and use application control to limit what a compromised KiCad process can launch.

🔍 How to Verify

Check if Vulnerable:

Open Help → About KiCad → Version tab (the "Copy Version Info" button copies the details to the clipboard). A release version of 6.0.1 or lower is vulnerable. Nightly builds report x.99 versions; for those, check the build's commit date against the fix rather than the version number.

Check Version:

Debian/Ubuntu: dpkg -s kicad | grep '^Version'
Fedora/RHEL: rpm -q kicad
Flatpak: flatpak info org.kicad.KiCad
macOS (Homebrew cask): brew info --cask kicad
Windows: Settings → Apps, or winget list KiCad
Otherwise use the About dialog in the GUI.

Verify Fix Applied:

Confirm the reported version is 6.0.2 or later and that no older KiCad install remains on the PATH or in the file associations. Then open a known-good Gerber/Excellon set in the Gerber Viewer to confirm functionality.
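For fleet-wide checks it helps to classify the text from the About dialog automatically. The following is an added example, not KiCad project code and not from this page: it parses the version out of "Copy Version Info"-style text and decides against the 6.0.2 fix named above. The sample texts are constructed in that dialog's shape; the regex assumes the line starts with "Version:" and tolerates both the "(6.0.1), release build" form and distro-packaged strings such as "6.0.2-0~ubuntu20.04.1".

```python
"""Added example (not KiCad code): classify a KiCad build against the
CVE-2022-23803 fixed version 6.0.2 from Help -> About KiCad ->
"Copy Version Info" text. Sample texts are constructed."""
import re
from typing import Optional, Tuple

FIXED_VERSION = (6, 0, 2)

# "Version: (6.0.1), release build"  or  "Version: 6.0.2-0~ubuntu20.04.1, release build"
_VERSION_RE = re.compile(r"^\s*Version:\s*\(?\s*(\d+(?:\.\d+)+)", re.MULTILINE)


def parse_version(version_info: str) -> Optional[Tuple[int, ...]]:
    """Extract the numeric release version from Copy-Version-Info text, or None."""
    match = _VERSION_RE.search(version_info)
    if match is None:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def status(version: Tuple[int, ...]) -> str:
    """Return 'fixed', 'vulnerable' or 'unknown' for a numeric version tuple.

    Nightly builds carry minor version 99 (e.g. 6.99.0); the fix landed on
    master part-way through that series, so the number alone is inconclusive
    and the build's commit date must be checked instead.
    """
    if len(version) >= 2 and version[1] == 99:
        return "unknown"
    padded = tuple(version) + (0,) * (3 - len(version))
    return "fixed" if padded[:3] >= FIXED_VERSION else "vulnerable"


def assess(version_info: str) -> str:
    """One-call wrapper: About-dialog text in, classification out."""
    version = parse_version(version_info)
    return "unknown" if version is None else status(version)


# Constructed samples in the shape of the About dialog's copied text.
SAMPLE_VULNERABLE = """Application: KiCad

Version: (6.0.1), release build

Libraries:
    wxWidgets 3.1.5
"""
SAMPLE_FIXED = "Application: KiCad\nVersion: 6.0.2-0~ubuntu20.04.1, release build\n"

if __name__ == "__main__":
    for label, sample in (("6.0.1 host", SAMPLE_VULNERABLE), ("6.0.2 host", SAMPLE_FIXED)):
        print(f"{label}: {assess(sample)}")
```

Feed it the clipboard text collected by your endpoint tooling; an "unknown" result (nightly build or unparseable text) should be treated as unpatched until a human checks the build date.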

📡 Detection & Monitoring

Log Indicators:

  • Crashes of gerbview (or the KiCad binary hosting it) immediately after a Gerber/Excellon file is opened: Windows Application Error events (ID 1000) naming gerbview.exe, or Linux kernel "segfault at" lines for the gerbview process. A memory-corruption attempt that did not exploit cleanly usually shows up this way.
  • Process creation where kicad or gerbview is the parent of a shell, script host or download tool (cmd.exe, powershell.exe, wscript.exe, mshta.exe, rundll32.exe, sh, curl).

Network Indicators:

  • Outbound connections from the gerbview/kicad process or its children to unfamiliar hosts; KiCad 6 itself generates little network traffic beyond its update check and plugin/library downloads.

SIEM Query:

parent_process_name:("kicad.exe" OR "gerbview.exe" OR "kicad" OR "gerbview") AND process_name:("cmd.exe" OR "powershell.exe" OR "wscript.exe" OR "mshta.exe" OR "rundll32.exe" OR "sh" OR "bash" OR "curl")

Field names follow the schema used on this page; for Sysmon Event ID 1 the equivalents are ParentImage and Image. A query on parent_process != explorer.exe would fire on every normal launch from a file association and is not a useful signal.
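To show the two log indicators above as running detection logic rather than a query string, here is an added example, not from this page and not vendor-supplied content, applied to constructed sample events. Field names (parent_image, image, command_line) are assumptions to be mapped to your schema (for Sysmon Event ID 1: ParentImage, Image, CommandLine); the crash patterns follow the Windows Event 1000 text and the Linux kernel "comm[pid]: segfault at" line.

```python
"""Added example (not from the page, not vendor detection content): the
process-tree and crash indicators for CVE-2022-23803 as code, run over
constructed sample events. Field names are assumptions."""
import re
from typing import Dict, List

# KiCad executables that parse Gerber/Excellon or launch the viewer.
KICAD_IMAGES = {"kicad", "gerbview", "pcbnew", "kicad.exe", "gerbview.exe", "pcbnew.exe"}

# Children an EDA tool has no business spawning right after a file is opened.
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe",
    "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe",
    "sh", "bash", "dash", "zsh", "curl", "wget", "nc", "python", "python3", "perl",
}

# Crash evidence: Windows Application Error (Event ID 1000) text, and the
# Linux kernel's "comm[pid]: segfault at" line.
CRASH_PATTERNS = [
    re.compile(r"Faulting application name:\s*(gerbview|kicad|pcbnew)\.exe", re.IGNORECASE),
    re.compile(r"\b(gerbview|kicad|pcbnew)\[\d+\]: segfault at", re.IGNORECASE),
]


def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def is_suspicious_spawn(event: Dict[str, str]) -> bool:
    """True when a KiCad process spawned a shell, script host or download tool."""
    return (_basename(event.get("parent_image", "")) in KICAD_IMAGES
            and _basename(event.get("image", "")) in SUSPICIOUS_CHILDREN)


def is_kicad_crash(log_line: str) -> bool:
    """True when a log line records a crash of a KiCad parser process."""
    return any(p.search(log_line) for p in CRASH_PATTERNS)


def triage(events: List[Dict[str, str]], log_lines: List[str]) -> List[str]:
    """Return one alert string per hit; an empty list means nothing fired."""
    alerts: List[str] = []
    for e in events:
        if is_suspicious_spawn(e):
            alerts.append(f"spawn: {e['parent_image']} -> {e['image']} {e.get('command_line', '')}".rstrip())
    for line in log_lines:
        if is_kicad_crash(line):
            alerts.append(f"crash: {line.strip()}")
    return alerts


# Constructed sample data (not real telemetry).
SAMPLE_EVENTS = [
    {"parent_image": r"C:\Program Files\KiCad\6.0\bin\kicad.exe",
     "image": r"C:\Program Files\KiCad\6.0\bin\gerbview.exe",
     "command_line": "gerbview.exe board-F_Cu.gbr"},                 # benign: launcher opens viewer
    {"parent_image": r"C:\Program Files\KiCad\6.0\bin\gerbview.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "command_line": "cmd.exe /c whoami"},                            # fires
    {"parent_image": "/usr/bin/gerbview", "image": "/usr/bin/xdg-open",
     "command_line": "xdg-open https://docs.kicad.org/"},             # benign: help link
]
SAMPLE_LOG_LINES = [
    "Faulting application name: gerbview.exe, version: 6.0.1.0, faulting module name: gerbview.exe",
    "kernel: gerbview[4122]: segfault at 4141414141414141 ip 00007f3a1c2b3c4d sp 00007ffd1a2b3c40 error 14 in libc.so.6[7f3a1c200000+1c4000]",
    "kernel: firefox[2200]: segfault at 0 ip 0000555555554000 sp 00007ffd00000000 error 4 in firefox[555555554000+1000]",
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS, SAMPLE_LOG_LINES):
        print(alert)
```

Tune SUSPICIOUS_CHILDREN against your own baseline: KiCad legitimately spawns its sibling tools, a configured external text editor, and xdg-open or the platform browser for help links, none of which should be on the list. A crash hit followed within minutes by a spawn hit on the same host is the sequence worth paging on.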
