CVE-2023-36814

7.5 HIGH

📋 TL;DR

CVE-2023-36814 is a denial-of-service vulnerability in Products.CMFCore, the core of the Zope Content Management Framework used by Plone and other CMF-based portal software. Releases before 3.2 hand data that an unauthenticated HTTP request can supply to Python's marshal module, whose deserializer is not designed to be safe against malformed input; a crafted request can therefore raise uncaught errors or crash the application process outright. The vulnerable code is reached through a public method on PortalFolder objects, and every deployment built on Products.CMFCore is affected.
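To make the marshal point concrete, here is an added illustration written for this page (it is not code from Products.CMFCore, Zope or the advisory). decode_marshal stands in for the vulnerable pattern of calling marshal.loads on request-supplied bytes; decode_json_strict is a hypothetical hardened replacement. The payload shape (a list of object ids), the size limits, the function names and the inline payloads are all assumptions constructed for the example.

```python
"""Why deserialising request data with ``marshal`` is a denial-of-service
primitive, and what a hardened replacement looks like.

Added illustration, not code from Products.CMFCore or the advisory.  The
``decode_marshal`` / ``decode_json_strict`` functions, the payload shape
(a list of object ids) and the limits are assumptions made for this example.
"""
import json
import marshal
import re

# Constructed payloads, standing in for a value an anonymous HTTP request can supply.
GOOD_MARSHAL = marshal.dumps(["doc1", "doc2"])
CODE_MARSHAL = marshal.dumps(compile("1 + 1", "<attacker>", "eval"))  # a code object
GARBAGE_MARSHAL = b"\xff\xff\xff\xff"  # invalid type code: rejected quickly
GOOD_JSON = b'["doc1", "doc2"]'

ID_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def decode_marshal(blob: bytes):
    """The vulnerable pattern: marshal.loads() trusts its input completely.

    The CPython docs state that marshal is not intended to be secure against
    erroneous or maliciously constructed data.  Malformed input raises; a
    length-prefixed container with a huge length field can make the
    interpreter attempt a very large allocation before it notices the data is
    truncated; and well-formed input can carry object types the caller never
    expected (here a code object).  None of this is checked before the call.
    """
    return marshal.loads(blob)


def decode_json_strict(blob: bytes, max_bytes: int = 4096, max_items: int = 100) -> list:
    """Hardened stand-in: data-only format, size bound, and shape checks before use."""
    if len(blob) > max_bytes:
        raise ValueError("payload too large")
    try:
        data = json.loads(blob.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError("malformed payload") from exc
    if not isinstance(data, list) or len(data) > max_items:
        raise ValueError("unexpected shape")
    if not all(isinstance(item, str) and ID_RE.fullmatch(item) for item in data):
        raise ValueError("unexpected item")
    return data


def probe(decoder, blob: bytes) -> str:
    """Label what *decoder* does with *blob*: 'accepted: <type>' or 'rejected: <exc>'."""
    try:
        result = decoder(blob)
    except Exception as exc:  # broad on purpose: every failure mode is of interest here
        return f"rejected: {type(exc).__name__}"
    return f"accepted: {type(result).__name__}"


if __name__ == "__main__":
    # Only feed marshal inputs to the marshal decoder: the JSON bytes would be
    # read as a list header with a multi-gigabyte length field.
    for name, blob in [("list", GOOD_MARSHAL), ("code object", CODE_MARSHAL),
                       ("garbage", GARBAGE_MARSHAL)]:
        print(f"marshal {name:12}: {probe(decode_marshal, blob)}")
    for name, blob in [("json list", GOOD_JSON), ("code object", CODE_MARSHAL),
                       ("garbage", GARBAGE_MARSHAL)]:
        print(f"strict  {name:12}: {probe(decode_json_strict, blob)}")
```

The vulnerable decoder happily returns a code object because marshal is the format Python uses for .pyc files; the hardened one rejects every non-JSON input with the same ValueError and never reaches an allocation it did not size in advance. The real fix in 3.2 is whatever the advisory's patch did; this block only shows the class of mistake and the class of remedy.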

💻 Affected Systems

Products:
  • Products.CMFCore
  • Plone
  • Other Zope CMF-based portal software
Versions: All versions before 3.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments using Products.CMFCore are vulnerable regardless of configuration.

📦 What is this software?

Products.CMFCore is the core of the Zope Content Management Framework (CMF). It supplies the portal folder, content type, workflow, catalog and skins tools that content-oriented Zope applications are built on; Plone is the best-known of them. Any site running Plone or another CMF-based portal therefore ships this package.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption through application crashes, potentially requiring manual intervention to restore functionality.

🟠

Likely Case

Service degradation or temporary unavailability due to application crashes triggered by malicious requests.

🟢

If Mitigated

Minimal impact with proper network controls and monitoring to detect and block exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The affected method is callable by anonymous clients, so triggering the fault needs only a single crafted HTTP request; no account, session or prior foothold is required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Products.CMFCore 3.2

Vendor Advisory: https://github.com/zopefoundation/Products.CMFCore/security/advisories/GHSA-4hpj-8rhv-9x87

Restart Required: Yes

Instructions:

1. Update Products.CMFCore to 3.2 or later. For pip-managed installs: pip install "Products.CMFCore>=3.2". For Plone and other buildout- or constraints-managed installs, pin the version in your constraints file or buildout versions section and re-run the install so the pin actually takes effect.
2. Restart the Zope/Plone application server, every client/instance process, not just one.
3. Verify the update was successful (see How to Verify below).

🔧 Temporary Workarounds

Network Access Control (applies to all platforms)

Restrict access to the affected Zope/Plone instances to trusted networks only. The affected method is callable without credentials, so any client that can reach the HTTP port can trigger the crash.

Web Application Firewall Rules (applies to all platforms)

Block or rate-limit anonymous requests to the affected PortalFolder method at the WAF or reverse proxy. This page does not name the method, so confirm it against the Products.CMFCore 3.2 changes before writing the rule, and remember that blocking a method path also breaks legitimate use of it.

🧯 If You Can't Patch

  • Implement strict network segmentation to limit access to vulnerable systems
  • Run the Zope/Plone processes under a supervisor that restarts crashed workers; this shortens each outage but does not stop an attacker from triggering the next one
  • Deploy monitoring and alerting for application crashes, worker restarts, or unusual traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check whether the Products.CMFCore version in your Python environment or Plone/Zope installation is below 3.2. Compare it as a version, not as a string: a plain text comparison would sort a hypothetical 3.10 before 3.2.

Check Version:

pip show Products.CMFCore | grep Version

Verify Fix Applied:

Confirm Products.CMFCore version is 3.2 or higher after patching.
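The same check done in code, as an added example for this page (not part of the advisory or the project): it reads the installed distribution's metadata and compares the parsed release tuple against 3.2 rather than comparing strings. The FIXED_IN constant and the conservative treatment of 3.2 pre-releases as still affected are assumptions for the example.

```python
"""Decide whether an installed Products.CMFCore is inside the affected range
(every release before 3.2).

Added example, not part of the advisory or the project.  It performs the
check the 'How to Verify' text describes on the parsed version rather than
by string comparison, which misorders '3.10' against '3.2'.
"""
import re
from importlib import metadata
from typing import Optional, Tuple

FIXED_IN = (3, 2)
# Pre-release markers immediately after the release number (3.2a1, 3.2.dev0).
PRERELEASE_RE = re.compile(r"^[.\-_]?(a|b|c|rc|alpha|beta|pre|preview|dev)\d*", re.IGNORECASE)


def split_version(version: str) -> Tuple[Tuple[int, ...], str]:
    """'3.2.dev0' -> ((3, 2), '.dev0').  Trailing .0 segments are dropped so 3.2 == 3.2.0."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)(.*)$", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    release = [int(part) for part in m.group(1).split(".")]
    while len(release) > 1 and release[-1] == 0:
        release.pop()
    return tuple(release), m.group(2).strip()


def is_vulnerable(version: str) -> bool:
    """True for anything released before 3.2, and for pre-releases of 3.2 itself."""
    release, suffix = split_version(version)
    if release < FIXED_IN:
        return True
    # Assumption for this example: a 3.2 alpha/beta/dev build may predate the
    # fix, so it is treated as affected; 3.2.postN is a build after the fix.
    return release == FIXED_IN and bool(PRERELEASE_RE.match(suffix))


def installed_version(dist: str = "Products.CMFCore") -> Optional[str]:
    """Version metadata of the installed distribution, or None if it is absent."""
    try:
        return metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None


def report(dist: str = "Products.CMFCore") -> str:
    """One-line verdict suitable for a fleet inventory script."""
    version = installed_version(dist)
    if version is None:
        return f"{dist}: not installed in this environment"
    state = "VULNERABLE (update to 3.2 or later)" if is_vulnerable(version) else "fixed"
    return f"{dist} {version}: {state}"


if __name__ == "__main__":
    print(report())
```

Run it inside the same interpreter that serves the site (for buildout installs, the bin/instance or bin/zopepy interpreter), otherwise importlib.metadata may inspect a different set of packages than the one Zope actually loads.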

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs or unexpected worker exits. A process killed by a hard crash writes no Python traceback, so check the supervisor and system logs, not only the Zope event log
  • Python errors from the marshal module, such as "ValueError: bad marshal data" or "EOFError: marshal data too short"
  • Unusual request patterns to PortalFolder endpoints, especially repeated anonymous requests to the same method that end in server errors

Network Indicators:

  • HTTP requests to PortalFolder methods with unusual payloads
  • Spike in error responses from the application

SIEM Query:

source="application.log" AND ("bad marshal data" OR "marshal data too short" OR "PortalFolder")

Include the process manager's log source as well: a hard crash leaves no Python traceback, so a query on the application log alone misses it.
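The log indicators above, picked out in code as an added example for this page (not from the advisory or the project). Both log excerpts are constructed: they imitate the shape of Zope's event log entries and of the Z2 access log (Common Log Format) but are not real records, and the request path is a placeholder, not the name of the affected PortalFolder method. The burst threshold and window are assumptions to tune per site.

```python
"""Pick the indicators listed above out of Zope-style logs.

Added example, not from the advisory or the project.  Both log excerpts are
constructed for the example (event-log shape and Z2.log / Common Log Format
shape); the request path is a placeholder, not the affected method's name.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# CPython's own messages for malformed marshal input.
MARSHAL_ERRORS = ("bad marshal data", "marshal data too short")

SAMPLE_EVENT_LOG = """\
2023-08-01T12:00:01 ERROR Zope.SiteErrorLog https://portal.example/Plone/docs/some_public_method
Traceback (innermost last):
ValueError: bad marshal data (unknown type code)
2023-08-01T12:00:03 ERROR Zope.SiteErrorLog https://portal.example/Plone/docs/some_public_method
Traceback (innermost last):
EOFError: marshal data too short
2023-08-01T12:00:20 INFO Zope Ready to handle requests
"""

SAMPLE_ACCESS_LOG = """\
203.0.113.7 - Anonymous [01/Aug/2023:12:00:01 +0000] "POST /Plone/docs/some_public_method HTTP/1.1" 500 0 "-" "python-requests/2.31"
203.0.113.7 - Anonymous [01/Aug/2023:12:00:03 +0000] "POST /Plone/docs/some_public_method HTTP/1.1" 500 0 "-" "python-requests/2.31"
198.51.100.4 - Anonymous [01/Aug/2023:12:00:04 +0000] "GET /Plone/docs HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
203.0.113.7 - Anonymous [01/Aug/2023:12:00:05 +0000] "POST /Plone/docs/some_public_method HTTP/1.1" 500 0 "-" "python-requests/2.31"
203.0.113.7 - Anonymous [01/Aug/2023:12:00:07 +0000] "POST /Plone/docs/some_public_method HTTP/1.1" 500 0 "-" "python-requests/2.31"
203.0.113.7 - Anonymous [01/Aug/2023:12:00:09 +0000] "POST /Plone/docs/some_public_method HTTP/1.1" 500 0 "-" "python-requests/2.31"
203.0.113.7 - Anonymous [01/Aug/2023:12:00:11 +0000] "POST /Plone/docs/some_public_method HTTP/1.1" 500 0 "-" "python-requests/2.31"
198.51.100.4 - Anonymous [01/Aug/2023:12:00:20 +0000] "GET /Plone/docs/report HTTP/1.1" 500 0 "-" "Mozilla/5.0"
"""

ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def marshal_error_lines(event_log: str) -> List[str]:
    """Event-log lines carrying CPython's marshal error messages."""
    return [line for line in event_log.splitlines()
            if any(msg in line for msg in MARSHAL_ERRORS)]


def server_error_bursts(access_log: str, threshold: int = 5,
                        window: timedelta = timedelta(seconds=60)) -> Dict[str, int]:
    """Clients that collected >= threshold 5xx responses inside any `window`.

    Returns {client_ip: largest_burst_size}.  A worker that dies mid-request
    may never write an access-log line, so pair this with process-exit
    monitoring rather than relying on it alone.
    """
    errors: Dict[str, List[datetime]] = defaultdict(list)
    for line in access_log.splitlines():
        m = ACCESS_RE.match(line)
        if m and m["status"].startswith("5"):
            errors[m["ip"]].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    bursts: Dict[str, int] = {}
    for ip, times in errors.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):  # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            size = end - start + 1
            if size >= threshold:
                bursts[ip] = max(bursts.get(ip, 0), size)
    return bursts


def targeted_paths(access_log: str, ip: str) -> List[str]:
    """Distinct paths a flagged client hit, to inform a WAF or block-rule review."""
    paths: List[str] = []
    for line in access_log.splitlines():
        m = ACCESS_RE.match(line)
        if m and m["ip"] == ip and m["path"] not in paths:
            paths.append(m["path"])
    return paths


if __name__ == "__main__":
    print(f"{len(marshal_error_lines(SAMPLE_EVENT_LOG))} marshal error line(s) in the event log")
    for ip, size in server_error_bursts(SAMPLE_ACCESS_LOG).items():
        print(f"ALERT {ip}: {size} server errors within 60s, paths {targeted_paths(SAMPLE_ACCESS_LOG, ip)}")
```

The client that made six failing requests in ten seconds is flagged; the one with a single 500 is not. The marshal error strings are the strongest signal because they are specific to this bug class, whereas 5xx bursts also appear during ordinary outages.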

🔗 References

  • GitHub Security Advisory GHSA-4hpj-8rhv-9x87: https://github.com/zopefoundation/Products.CMFCore/security/advisories/GHSA-4hpj-8rhv-9x87
  • NVD entry for CVE-2023-36814: https://nvd.nist.gov/vuln/detail/CVE-2023-36814
  • Products.CMFCore on PyPI (3.2 and later contain the fix): https://pypi.org/project/Products.CMFCore/
