{"id":"CVE-2023-34048","details":"vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.","modified":"2026-05-04T08:41:17.546850Z","published":"2023-10-25T18:17:27.897Z","withdrawn":"2026-05-04T08:41:17.546850Z","references":[{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-34048"},{"type":"ADVISORY","url":"https://www.vmware.com/security/advisories/VMSA-2023-0023.html"},{"type":"EVIDENCE","url":"https://www.vicarius.io/vsociety/posts/understanding-cve-2023-34048-a-zero-day-out-of-bound-write-in-vcenter-server"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"4.0"},{"last_affected":"5.5"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-a"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-b"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-c"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-d"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-update1"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-update1a"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-update1c"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-update1d"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-update2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-update2a"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-update2b"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-update2c"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-update2d"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-update3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-update3a"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-update3c"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-update3d"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-update3e"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-update3f"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-update3g"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-update3h"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-update3i"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-update3j"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-update3k"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-update3l"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-update3m"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-update3n"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0-a"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0-b"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0-c"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0-update1"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0-update1a"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0-update1b"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0-update1c"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-34048.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}