CVE-2023-52389 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2023-52389 Interim 1 5 2025-08-06T01:20:33Z current 2024-01-30T00:09:32Z 2025-08-06T01:20:33Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2023-52389 UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed libPocoActiveRecord112-1.14.2-1.1 libPocoCppParser112-1.14.2-1.1 libPocoCrypto112-1.14.2-1.1 libPocoData112-1.14.2-1.1 libPocoDataMySQL112-1.14.2-1.1 libPocoDataODBC112-1.14.2-1.1 libPocoDataPostgreSQL112-1.14.2-1.1 libPocoDataSQLite112-1.14.2-1.1 libPocoEncodings112-1.14.2-1.1 libPocoFoundation112-1.14.2-1.1 libPocoJSON112-1.14.2-1.1 libPocoJWT112-1.14.2-1.1 libPocoMongoDB112-1.14.2-1.1 libPocoNet112-1.14.2-1.1 libPocoNetSSL112-1.14.2-1.1 libPocoPDF112-1.14.2-1.1 libPocoPrometheus112-1.14.2-1.1 libPocoRedis112-1.14.2-1.1 libPocoUtil112-1.14.2-1.1 libPocoXML112-1.14.2-1.1 libPocoZip112-1.14.2-1.1 poco-cpspc-1.14.2-1.1 poco-devel-1.14.2-1.1 libPocoActiveRecord112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoCppParser112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoCrypto112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoData112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoDataMySQL112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoDataODBC112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoDataPostgreSQL112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoDataSQLite112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoEncodings112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoFoundation112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoJSON112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoJWT112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoMongoDB112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoNet112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoNetSSL112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoPDF112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoPrometheus112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoRedis112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoUtil112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoXML112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoZip112-1.14.2-1.1 as a component of openSUSE Tumbleweed poco-cpspc-1.14.2-1.1 as a component of openSUSE Tumbleweed poco-devel-1.14.2-1.1 as a component of openSUSE Tumbleweed UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0. CVE-2023-52389 openSUSE Tumbleweed:libPocoActiveRecord112-1.14.2-1.1 openSUSE Tumbleweed:libPocoCppParser112-1.14.2-1.1 openSUSE Tumbleweed:libPocoCrypto112-1.14.2-1.1 openSUSE Tumbleweed:libPocoData112-1.14.2-1.1 openSUSE Tumbleweed:libPocoDataMySQL112-1.14.2-1.1 openSUSE Tumbleweed:libPocoDataODBC112-1.14.2-1.1 openSUSE Tumbleweed:libPocoDataPostgreSQL112-1.14.2-1.1 openSUSE Tumbleweed:libPocoDataSQLite112-1.14.2-1.1 openSUSE Tumbleweed:libPocoEncodings112-1.14.2-1.1 openSUSE Tumbleweed:libPocoFoundation112-1.14.2-1.1 openSUSE Tumbleweed:libPocoJSON112-1.14.2-1.1 openSUSE Tumbleweed:libPocoJWT112-1.14.2-1.1 openSUSE Tumbleweed:libPocoMongoDB112-1.14.2-1.1 openSUSE Tumbleweed:libPocoNet112-1.14.2-1.1 openSUSE Tumbleweed:libPocoNetSSL112-1.14.2-1.1 openSUSE Tumbleweed:libPocoPDF112-1.14.2-1.1 openSUSE Tumbleweed:libPocoPrometheus112-1.14.2-1.1 openSUSE Tumbleweed:libPocoRedis112-1.14.2-1.1 openSUSE Tumbleweed:libPocoUtil112-1.14.2-1.1 openSUSE Tumbleweed:libPocoXML112-1.14.2-1.1 openSUSE Tumbleweed:libPocoZip112-1.14.2-1.1 openSUSE Tumbleweed:poco-cpspc-1.14.2-1.1 openSUSE Tumbleweed:poco-devel-1.14.2-1.1 critical 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H