MS VS Info Disclosure CVE-2023-28263
CVE-2023-28263 Published on April 11, 2023
Visual Studio Information Disclosure Vulnerability
Visual Studio Information Disclosure Vulnerability
Weakness Type
Improper Null Termination
The software does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator. Null termination errors frequently occur in two different ways. An off-by-one error could cause a null to be written out of bounds, leading to an overflow. Or, a program could use a strncpy() function call incorrectly, which prevents a null terminator from being added at all. Other scenarios are possible.
Products Associated with CVE-2023-28263
Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.
Affected Versions
Microsoft Visual Studio 2022 version 17.2:- Version 17.2.0 and below 17.2.15 is affected.
- Version 16.11.0 and below 16.11.26 is affected.
- Version 17.0.0 and below 17.0.21 is affected.
- Version 17.4.0 and below 17.4.7 is affected.
- Version 17.5.0 and below 17.5.4 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.