CVE-2023-35702

7.8 HIGH

📋 TL;DR

This CVE describes multiple stack-based buffer overflow vulnerabilities in GTKWave's FST LEB128 varint parsing functionality. An attacker can craft a malicious .fst file that, when opened by the victim, can lead to arbitrary code execution. Users of GTKWave 3.3.115 who open untrusted .fst files are affected.
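As an added illustration of the bug class named above (this is not GTKWave's code and not the upstream fix), the following C decoder shows the property a safe LEB128 varint reader needs: the loop over continuation bytes is bounded both by the remaining input length and by the maximum number of bytes a 64-bit value can occupy, so a hostile run of 0x80 bytes is rejected instead of being consumed indefinitely. The sample byte stream is constructed for the example and is not taken from any real .fst file.

```c
#include <stdint.h>
#include <stdio.h>

#define LEB128_MAX_BYTES 10  /* ceil(64 / 7): a u64 never needs more */
/* Decode one unsigned LEB128 varint from buf[0..len). The loop is bounded
 * by both len and LEB128_MAX_BYTES, so a run of continuation bytes (0x80..)
 * in a hostile file can neither read past the input nor drive a
 * byte-per-iteration loop past a fixed-size buffer.
 * Returns bytes consumed, or 0 if truncated, overlong, or > 64 bits. */
size_t leb128_decode_u64(const uint8_t *buf, size_t len, uint64_t *out)
{
    uint64_t value = 0;
    unsigned shift = 0;
    for (size_t i = 0; i < len && i < LEB128_MAX_BYTES; i++) {
        uint8_t b = buf[i];
        uint64_t payload = b & 0x7f;
        if (shift == 63 && payload > 1)   /* 10th byte: only bit 63 is left */
            return 0;
        value |= payload << shift;
        if ((b & 0x80) == 0) {
            *out = value;
            return i + 1;
        }
        shift += 7;
    }
    return 0;  /* ran out of input, or of permitted bytes, without a terminator */
}

/* Constructed sample (not from any real .fst): two valid varints, then a
 * run of continuation bytes with no terminating byte. */
static const uint8_t sample[] = {
    0xE5, 0x8E, 0x26, 0x7F,
    0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80
};

int main(void)
{
    uint64_t v;
    for (size_t pos = 0; pos < sizeof sample; ) {
        size_t n = leb128_decode_u64(sample + pos, sizeof sample - pos, &v);
        if (n == 0) {
            printf("rejected malformed varint at offset %zu\n", pos);
            break;
        }
        printf("offset %zu: %llu (%zu bytes)\n", pos, (unsigned long long)v, n);
        pos += n;
    }
    return 0;
}
```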

💻 Affected Systems

Products:
  • GTKWave
Versions: 3.3.115 (specific version mentioned; earlier versions may also be vulnerable but not confirmed)
Operating Systems: Linux, Windows, macOS - any OS running GTKWave
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of GTKWave 3.3.115 are vulnerable when processing .fst files. The vulnerability is in core file parsing functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise via arbitrary code execution with the privileges of the GTKWave user, potentially leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case: Application crash (denial of service) or limited code execution within the GTKWave process context, potentially allowing file system access or further privilege escalation.

🟢 If Mitigated: Application crash with no code execution if the exploit fails or if memory protections (ASLR, DEP) are effective.

🌐 Internet-Facing: LOW - GTKWave is typically not an internet-facing service; exploitation requires file interaction.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared malicious files, but requires user interaction to open files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM - Requires crafting a malicious .fst file and convincing a user to open it.

Exploitation requires user interaction (opening a file). No public exploit code is mentioned in the references, but technical details are available in the Talos report.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check GTKWave updates or Debian security updates (referenced in advisory)

Vendor Advisory: https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html

Restart Required: Yes

Instructions:

1. Update GTKWave to the latest version from the official source or package manager.
2. For Debian systems, apply security updates via 'apt update && apt upgrade'.
3. Restart any running GTKWave instances after the update.

🔧 Temporary Workarounds

Restrict .fst file handling (all)

Configure the system to open .fst files only with trusted applications or in sandboxed environments.

User awareness training (all)

Train users to only open .fst files from trusted sources and to verify file integrity.

🧯 If You Can't Patch

  • Disable or uninstall GTKWave if not essential
  • Use application whitelisting to prevent GTKWave execution

🔍 How to Verify

Check if Vulnerable:

Check GTKWave version: 'gtkwave --version' or check installed package version in package manager.

Check Version:

gtkwave --version

Verify Fix Applied:

Verify updated version is installed and no longer 3.3.115. Test with known safe .fst files to ensure functionality.

📡 Detection & Monitoring

Log Indicators:

  • GTKWave crash logs, unexpected process termination, abnormal memory access errors in system logs

Network Indicators:

  • Unusual outbound connections from GTKWave process post-file opening

SIEM Query:

(Process:gtkwave AND (EventID:1000 OR EventID:1001)) OR (FileExtension:.fst AND ProcessCreation)
