CVE-2023-43619

7.8 HIGH

📋 TL;DR

CVE-2023-43619 is a vulnerability in Croc file transfer software that allows a malicious sender to transfer dangerous files to a receiver, potentially including executables or sensitive configuration files like .ssh/authorized_keys. This affects all users of Croc versions through 9.6.5 who receive files from untrusted sources.

💻 Affected Systems

Products:
  • Croc
Versions: All versions through 9.6.5
Operating Systems: All platforms where Croc runs
Default Config Vulnerable: ⚠️ Yes
Notes: All Croc installations using default settings are vulnerable when receiving files from untrusted senders.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could gain remote code execution by transferring malicious executables or overwrite SSH authorized_keys to gain persistent access to the receiver's system.

🟠 Likely Case

Malicious actors could transfer malware, ransomware, or backdoors to victims during file transfers, compromising their systems.

🟢 If Mitigated

With proper controls, the impact is limited to file system corruption or unwanted files, but no direct code execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the receiver to accept a transfer from a malicious sender, which is a normal part of Croc's operation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.6.6 and later

Vendor Advisory: https://github.com/schollz/croc/issues/593

Restart Required: No

Instructions:

1. Update Croc to version 9.6.6 or later using your package manager or from GitHub releases.
2. No restart is required, as Croc is typically run as a command-line tool.

🔧 Temporary Workarounds

Use trusted senders only (platform: all)

Only accept file transfers from known, trusted sources to prevent malicious file transfers.

Sandbox file reception (platform: linux)

Receive files in isolated directories and scan them before opening or executing:

mkdir -p /tmp/croc_receive && cd /tmp/croc_receive

🧯 If You Can't Patch

  • Discontinue use of Croc for receiving files from untrusted sources.
  • Implement strict file validation and scanning for all received files before opening.

🔍 How to Verify

Check if Vulnerable:

Check Croc version with 'croc --version'. If version is 9.6.5 or earlier, you are vulnerable.

Check Version:

croc --version

Verify Fix Applied:

After updating, run 'croc --version' to confirm version is 9.6.6 or later.
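A shell helper for the sandbox workaround above and for this verification step, added here as an example that is not part of the advisory or of the croc project: it extracts a version token from `croc --version` output (the exact output format is an assumption) and compares it with 9.6.6, and it lists the files in a receive directory that deserve inspection before use.

```shell
#!/bin/sh
# Added example (not from the advisory or the croc project). Two helpers:
#  - croc_is_vulnerable: parses `croc --version` output against 9.6.6
#  - scan_received_dir: flags risky files in a sandbox receive directory
# The exact `croc --version` output format is an assumption; only the first
# dotted version token (e.g. 9.6.5 or v9.6.5) is used.

FIXED_VERSION="9.6.6"   # first fixed release named in the advisory

# version_lt A B: exit 0 when A < B, comparing up to three numeric fields.
version_lt() {
    a="$1"; b="$2"; i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i"); y=$(printf '%s' "$b" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
    return 1
}

# croc_is_vulnerable TEXT: TEXT is what `croc --version` printed. Exit 0 if the
# version is 9.6.5 or earlier, 1 if fixed, 2 if no version could be parsed.
croc_is_vulnerable() {
    v=$(printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1)
    [ -n "$v" ] || { echo "croc_is_vulnerable: no version found" >&2; return 2; }
    version_lt "$v" "$FIXED_VERSION"
}

# scan_received_dir DIR: print, one per line, received files that need review
# before use: owner-executable files, anything under a dot-directory or named
# as a dotfile (e.g. .ssh/authorized_keys), and the extensions from the
# advisory's SIEM query. Prints nothing when the directory looks clean.
scan_received_dir() {
    find "$1" -type f \( -perm -100 -o -name '.*' -o -path '*/.*/*' \
        -o -name '*.exe' -o -name '*.sh' -o -name '*.bat' -o -name '*.ps1' \) \
        | sort
}

# Usage from a sandbox directory, as the advisory's workaround suggests:
#   croc_is_vulnerable "$(croc --version 2>&1)" && echo "update croc to 9.6.6+"
#   scan_received_dir /tmp/croc_receive
```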

📡 Detection & Monitoring

Log Indicators:

  • Unusual file transfers via Croc, especially to sensitive directories like ~/.ssh/

Network Indicators:

  • Croc transfer sessions from unknown IP addresses

SIEM Query:

process_name='croc' AND (file_path LIKE '%.ssh%' OR file_extension IN ('exe', 'sh', 'bat', 'ps1'))

🔗 References