
CVE-2023-28465

Severity: High
Published: Tue Dec 12 2023 (12/12/2023, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: n/a
Product: n/a

Description

The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen by the attacker. NOTE: this issue exists because of an incomplete fix for CVE-2023-24057.

AI-Powered Analysis

Last updated: 07/06/2025, 04:27:20 UTC

Technical Analysis

CVE-2023-28465 is a high-severity directory traversal vulnerability in the package-decompression feature of HL7 FHIR Core Libraries before version 5.6.106. HL7 FHIR (Fast Healthcare Interoperability Resources) is a widely adopted standard for exchanging healthcare information electronically. The vulnerability arises because the decompression routine does not properly validate the directories into which archive entries are written: the check accepts any directory name that contains an allowed directory name as a substring, so an attacker can craft an archive whose entries resolve to a directory that merely shares a prefix with (or otherwise contains) the permitted name and therefore lies outside the intended extraction location. This incomplete validation lets the attacker traverse directories and copy arbitrary files to unintended locations on the target system. The issue exists because the fix for the earlier CVE-2023-24057 was incomplete, so the underlying directory traversal problem was not fully resolved. The CVSS v3.1 base score of 7.5 reflects that the vulnerability can be exploited remotely without authentication or user interaction (AV:N/AC:L/PR:N/UI:N), with high impact on confidentiality (C:H) and no impact on integrity or availability. Successful exploitation could allow attackers to place malicious files or sensitive data in arbitrary directories, potentially leading to information disclosure or facilitating further attacks such as code execution if the written files are later processed by other components. No known exploits are currently reported in the wild, and no official patch or vendor information is provided in the data. The vulnerability is categorized under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), a common weakness in file handling that leads to directory traversal attacks.

Potential Impact

For European organizations, especially those in the healthcare sector using HL7 FHIR Core Libraries for managing and exchanging patient data, this vulnerability poses a significant risk. Exploitation could lead to unauthorized disclosure of sensitive health information, violating GDPR and other data protection regulations, resulting in legal and financial penalties. Additionally, the ability to write arbitrary files to the system could be leveraged to implant malware or backdoors, compromising system integrity and patient safety. Healthcare providers, research institutions, and health IT vendors in Europe that rely on these libraries for interoperability and data exchange are particularly at risk. The impact extends beyond confidentiality to potential reputational damage and operational disruptions if systems are compromised or require emergency remediation.

Mitigation Recommendations

European healthcare organizations should immediately audit their use of HL7 FHIR Core Libraries and identify deployments running versions prior to 5.6.106. Where possible, upgrade to version 5.6.106 or later once available to ensure the vulnerability is patched. In the absence of an official patch, implement strict validation of archive contents before decompression: resolve each entry's destination path and require that it lie strictly inside the allowed directory (the allowed directory itself or a path below it), rather than merely checking that the destination contains or begins with the allowed directory name, and reject entries containing directory traversal patterns. Employ application-layer controls to restrict file write locations and enforce least privilege on processes handling decompression to limit the impact of any successful exploitation. Monitor file system changes and logs for suspicious activity related to decompression operations. Additionally, conduct regular security assessments and penetration tests focusing on file-handling components. Engage with the HL7 FHIR library maintainers and community for updates and advisories. Finally, ensure incident response plans are updated to address potential exploitation scenarios involving this vulnerability.
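To make the substring problem described in the technical analysis and the containment rule in the mitigation concrete, here is an added Python illustration (not code from the HL7 FHIR Core Libraries, whose actual check is not shown on this page). It places a prefix-style check beside a strict containment check and runs both over constructed archive entry names; the extraction root and directory names are hypothetical.

```python
import posixpath

# Constructed example paths (hypothetical, not taken from the library):
# the extraction root and the single directory a package may write into.
EXTRACT_ROOT = "/srv/fhir/packages"
ALLOWED_DIR = posixpath.join(EXTRACT_ROOT, "package")


def resolve(entry_name: str, base: str = ALLOWED_DIR) -> str:
    """Resolve an archive entry name against the allowed directory,
    collapsing '.' and '..' the way the extractor would on disk."""
    return posixpath.normpath(posixpath.join(base, entry_name))


def weak_is_allowed(entry_name: str) -> bool:
    """Prefix/substring-style check: the resolved path only has to start
    with the allowed directory name. A sibling directory whose name begins
    with 'package' (e.g. 'package-other') passes this test."""
    return resolve(entry_name).startswith(ALLOWED_DIR)


def strict_is_allowed(entry_name: str) -> bool:
    """Containment check: the resolved path must be the allowed directory
    itself or lie below it, so the character after the prefix must be a
    path separator. Absolute entry names are rejected outright."""
    if posixpath.isabs(entry_name):
        return False
    target = resolve(entry_name)
    return target == ALLOWED_DIR or target.startswith(ALLOWED_DIR + "/")


def check_entries(entries):
    """Map each entry name to (weak_verdict, strict_verdict)."""
    return {e: (weak_is_allowed(e), strict_is_allowed(e)) for e in entries}


# Constructed archive entry names, not from any real FHIR package.
SAMPLE_ENTRIES = [
    "package.json",                   # legitimate file in the allowed dir
    "examples/Patient-1.json",        # legitimate subdirectory
    "../package-other/note.json",     # sibling dir sharing the name prefix
    "../../other/x.json",             # plain traversal, both checks reject
    "/etc/fhir/x.json",               # absolute entry name
]

if __name__ == "__main__":
    for entry, (weak, strict) in check_entries(SAMPLE_ENTRIES).items():
        print(f"{entry:32} weak={weak!s:5} strict={strict}")
```

The third entry is the case the advisory describes: the weak check accepts it because the resolved path begins with the allowed directory name, while the strict check rejects it.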


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2023-03-15T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6835cf87182aa0cae21621b0

Added to database: 5/27/2025, 2:43:19 PM

Last enriched: 7/6/2025, 4:27:20 AM

Last updated: 7/29/2025, 3:17:51 AM
