Common Weakness Enumeration

CWE-754

Allowed-with-Review

Improper Check for Unusual or Exceptional Conditions

Abstraction: Class · Status: Incomplete

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

909 vulnerabilities reference this CWE, most recent first.

GHSA-G5FM-JP9V-2432

Vulnerability from github – Published: 2022-06-21 20:06 – Updated: 2022-07-08 17:05
VLAI
Summary
Improper Handling of `callbackUrl` parameter in next-auth
Details

Impact

An attacker can send a request to an app using NextAuth.js with an invalid callbackUrl query parameter, which internally we convert to a URL object. The URL instantiation would fail due to a malformed URL being passed into the constructor, causing it to throw an unhandled error which led to our API route handler timing out and logging in to fail. This has been remedied in the following releases:

next-auth v3 users before version 3.29.5 are impacted. (We recommend upgrading to v4, as v3 is considered unmaintained. See our migration guide)

next-auth v4 users before version 4.5.0 are impacted.

Patches

We've released patches for this vulnerability in:

  • v3 - 3.29.5
  • v4 - 4.5.0

You can do:

npm i next-auth@latest

or

yarn add next-auth@latest

or

pnpm add next-auth@latest

(This will update to the latest v4 version, but you can change latest to 3 if you want to stay on v3. This is not recommended.)

Workarounds

If for some reason you cannot upgrade, the workaround requires you to rely on Advanced Initialization. Here is an example:

Before:

// pages/api/auth/[...nextauth].js
import NextAuth from "next-auth"

export default NextAuth(/* your config */)

After:

// pages/api/auth/[...nextauth].js
import NextAuth from "next-auth"

function isValidHttpUrl(url) {
  try {
    return /^https?:/.test(url).protocol
  } catch {
    return false;
  }
}

export default async function handler(req, res) {
  if (
    req.query.callbackUrl &&
    !isValidHttpUrl(req.query.callbackUrl)
  ) {
   return res.status(500).send('');
  }

  return await NextAuth(req, res, /* your config */)
}

References

This vulnerability was discovered not long after https://github.com/nextauthjs/next-auth/security/advisories/GHSA-q2mx-j4x2-2h74 was published and is very similar in nature.

Related documentation:

  • https://next-auth.js.org/getting-started/client#specifying-a-callbackurl
  • https://next-auth.js.org/configuration/callbacks#redirect-callback

A test case has been added so this kind of issue will be checked before publishing. See: https://github.com/nextauthjs/next-auth/commit/e498483b23273d1bfc81be68339607f88d411bd6

For more information

If you have any concerns, we request responsible disclosure, outlined here: https://next-auth.js.org/security#reporting-a-vulnerability

Timeline

The issue was reported 2022 June 10th, a response was sent out to the reporter in less than 2 hours, and a patch was published within 3 hours.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "next-auth"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.29.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "next-auth"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "4.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-31093"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-754"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-21T20:06:36Z",
    "nvd_published_at": "2022-06-27T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nAn attacker can send a request to an app using NextAuth.js with an invalid `callbackUrl` query parameter, which internally we convert to a `URL` object. The URL instantiation would fail due to a malformed URL being passed into the constructor, causing it to throw an unhandled error which led to our **API route handler timing out and logging in to fail**. This has been remedied in the following releases:\n\nnext-auth v3 users before version 3.29.5 are impacted. (We recommend upgrading to v4, as v3 is considered unmaintained. See our [migration guide](https://next-auth.js.org/getting-started/upgrade-v4))\n\nnext-auth v4 users before version 4.5.0 are impacted.\n\n### Patches\n\nWe\u0027ve released patches for this vulnerability in:\n  \n- v3 - `3.29.5`\n- v4 - `4.5.0`\n\nYou can do:\n\n```sh\nnpm i next-auth@latest\n```\n\nor\n\n```sh\nyarn add next-auth@latest\n```\n\nor\n\n```sh\npnpm add next-auth@latest\n```\n\n(This will update to the latest v4 version, but you can change  `latest` to `3` if you want to stay on v3. This is not recommended.)\n\n### Workarounds\n\nIf for some reason you cannot upgrade, the workaround requires you to rely on [Advanced Initialization](https://next-auth.js.org/configuration/initialization#advanced-initialization). Here is an example:\n\n**Before:**\n\n```js\n// pages/api/auth/[...nextauth].js\nimport NextAuth from \"next-auth\"\n\nexport default NextAuth(/* your config */)\n```\n\n**After:**\n\n```js\n// pages/api/auth/[...nextauth].js\nimport NextAuth from \"next-auth\"\n\nfunction isValidHttpUrl(url) {\n  try {\n    return /^https?:/.test(url).protocol\n  } catch {\n    return false;\n  }\n}\n\nexport default async function handler(req, res) {\n  if (\n    req.query.callbackUrl \u0026\u0026\n    !isValidHttpUrl(req.query.callbackUrl)\n  ) {\n   return res.status(500).send(\u0027\u0027);\n  }\n  \n  return await NextAuth(req, res, /* your config */)\n}\n```\n\n\n### References\n\nThis vulnerability was discovered not long after https://github.com/nextauthjs/next-auth/security/advisories/GHSA-q2mx-j4x2-2h74 was published and is very similar in nature.\n\nRelated documentation:\n\n- https://next-auth.js.org/getting-started/client#specifying-a-callbackurl\n- https://next-auth.js.org/configuration/callbacks#redirect-callback\n\nA test case has been added so this kind of issue will be checked before publishing. See: https://github.com/nextauthjs/next-auth/commit/e498483b23273d1bfc81be68339607f88d411bd6\n\n### For more information\n\nIf you have any concerns, we request responsible disclosure, outlined here: https://next-auth.js.org/security#reporting-a-vulnerability\n\n### Timeline\n\nThe issue was reported 2022 June 10th, a response was sent out to the reporter in less than 2 hours, and a patch was published within 3 hours.",
  "id": "GHSA-g5fm-jp9v-2432",
  "modified": "2022-07-08T17:05:36Z",
  "published": "2022-06-21T20:06:36Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/nextauthjs/next-auth/security/advisories/GHSA-g5fm-jp9v-2432"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31093"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nextauthjs/next-auth/commit/25517b73153332d948114bacdff3b5908de91d85"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nextauthjs/next-auth/commit/e498483b23273d1bfc81be68339607f88d411bd6"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/nextauthjs/next-auth"
    },
    {
      "type": "WEB",
      "url": "https://next-auth.js.org/configuration/initialization#advanced-initialization"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Handling of `callbackUrl` parameter in next-auth"
}

GHSA-G5VX-C2FQ-6JM8

Vulnerability from github – Published: 2024-10-03 18:30 – Updated: 2024-10-30 15:30
VLAI
Details

Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrURL.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-7826"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-754"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-03T17:15:15Z",
    "severity": "MODERATE"
  },
  "details": "Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrURL.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.",
  "id": "GHSA-g5vx-c2fq-6jm8",
  "modified": "2024-10-30T15:30:44Z",
  "published": "2024-10-03T18:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7826"
    },
    {
      "type": "WEB",
      "url": "https://answers.webroot.com/Webroot/ukp.aspx?pid=12\u0026app=vw\u0026vw=1\u0026login=1\u0026json=1\u0026solutionid=4275"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G624-89XP-HMX8

Vulnerability from github – Published: 2022-05-24 17:02 – Updated: 2022-05-24 17:02
VLAI
Details

pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-19646"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-754"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-09T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.",
  "id": "GHSA-g624-89xp-hmx8",
  "modified": "2022-05-24T17:02:54Z",
  "published": "2022-05-24T17:02:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19646"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sqlite/sqlite/commit/926f796e8feec15f3836aa0a060ed906f8ae04d3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sqlite/sqlite/commit/ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20191223-0001"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.sqlite.org"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/tns-2021-14"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G6QP-9V7F-3WH3

Vulnerability from github – Published: 2023-12-12 09:30 – Updated: 2023-12-12 09:30
VLAI
Details

Mattermost fails to validate the type of the "reminder" body request parameter allowing an attacker to crash the Playbook Plugin when updating the status dialog.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-49607"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-754"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-12T09:15:08Z",
    "severity": "MODERATE"
  },
  "details": "Mattermost fails to validate the type of the \"reminder\" body request parameter allowing an attacker to crash the Playbook Plugin when updating the status dialog.\n\n",
  "id": "GHSA-g6qp-9v7f-3wh3",
  "modified": "2023-12-12T09:30:33Z",
  "published": "2023-12-12T09:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49607"
    },
    {
      "type": "WEB",
      "url": "https://mattermost.com/security-updates"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G8CX-CCC5-RJFW

Vulnerability from github – Published: 2025-04-11 04:19 – Updated: 2025-04-11 04:19
VLAI
Details

A denial-of-service (DoS) vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode.

Cloud NGFW is not affected by this vulnerability. Prisma® Access software is proactively patched and protected from this issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-0128"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-754"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-11T02:15:19Z",
    "severity": "HIGH"
  },
  "details": "A denial-of-service (DoS) vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode.\n\nCloud NGFW is not affected by this vulnerability. Prisma\u00ae Access software is proactively patched and protected from this issue.",
  "id": "GHSA-g8cx-ccc5-rjfw",
  "modified": "2025-04-11T04:19:27Z",
  "published": "2025-04-11T04:19:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0128"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0128"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Amber",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-G8HJ-GFGG-57FR

Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-05-24 17:45
VLAI
Details

An out-of-bounds write vulnerability exists in the TIFF header count-processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-21773"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-131",
      "CWE-754",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-31T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "An out-of-bounds write vulnerability exists in the TIFF header count-processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.",
  "id": "GHSA-g8hj-gfgg-57fr",
  "modified": "2022-05-24T17:45:56Z",
  "published": "2022-05-24T17:45:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21773"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1227"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G8PP-M4FH-WJG4

Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2022-05-24 16:46
VLAI
Details

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of Service when writing invalid memory blocks to the controller over Modbus.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-7856"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-754"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-22T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of Service when writing invalid memory blocks to the controller over Modbus.",
  "id": "GHSA-g8pp-m4fh-wjg4",
  "modified": "2022-05-24T16:46:14Z",
  "published": "2022-05-24T16:46:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7856"
    },
    {
      "type": "WEB",
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0767"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-G986-42M5-MXWM

Vulnerability from github – Published: 2022-09-01 00:00 – Updated: 2023-01-20 21:30
VLAI
Details

An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use wolfSSL_clear instead of the recommended SSL_free; SSL_new sequence are affected. Furthermore, wolfSSL_clear is part of wolfSSL's compatibility layer and is not enabled by default. It is not part of wolfSSL's native API.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-38152"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-754"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-31T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use wolfSSL_clear instead of the recommended SSL_free; SSL_new sequence are affected. Furthermore, wolfSSL_clear is part of wolfSSL\u0027s compatibility layer and is not enabled by default. It is not part of wolfSSL\u0027s native API.",
  "id": "GHSA-g986-42m5-mxwm",
  "modified": "2023-01-20T21:30:31Z",
  "published": "2022-09-01T00:00:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38152"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wolfSSL/wolfssl/pull/5468"
    },
    {
      "type": "WEB",
      "url": "https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tlspuffin/tlspuffin"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wolfSSL/wolfssl/releases"
    },
    {
      "type": "WEB",
      "url": "https://www.wolfssl.com/docs/security-vulnerabilities"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/170604/wolfSSL-Session-Resumption-Denial-Of-Service.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Jan/7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G9M2-7JC6-PMVF

Vulnerability from github – Published: 2025-04-17 03:30 – Updated: 2025-04-17 03:30
VLAI
Details

Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by winning a race condition. This occurs because EW_CREATEDIR does not always set the CreateRestrictedDirectory error flag.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-43715"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-754"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-17T03:15:16Z",
    "severity": "HIGH"
  },
  "details": "Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\\temp and unprivileged users can place a crafted executable file by winning a race condition. This occurs because EW_CREATEDIR does not always set the CreateRestrictedDirectory error flag.",
  "id": "GHSA-g9m2-7jc6-pmvf",
  "modified": "2025-04-17T03:30:30Z",
  "published": "2025-04-17T03:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43715"
    },
    {
      "type": "WEB",
      "url": "https://nsis.sourceforge.io/Docs/AppendixF.html#v3.11-rl"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/p/nsis/bugs/1315"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G9PM-VPPM-577Q

Vulnerability from github – Published: 2022-03-09 00:00 – Updated: 2025-08-12 12:30
VLAI
Details

A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V5.6.0), RUGGEDCOM ROS RMC8388 devices (All versions < V5.6.0), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions < V5.6.0), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2288 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG900 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG920P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0). The third-party component in its TFTP functionality fails to check for null terminations in file names. If an attacker were to exploit this, it could result in data corruption, and possibly a hard-fault of the application.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-42020"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-754"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-08T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions \u003c V5.6.0), RUGGEDCOM ROS RMC8388 devices (All versions \u003c V5.6.0), RUGGEDCOM ROS RS416v2 (All versions \u003c V5.6.0), RUGGEDCOM ROS RS900G (All versions \u003c V5.6.0), RUGGEDCOM ROS RS900G (32M) (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG2100P (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG2100P (32M) V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG2288 V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG2300 V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG2300P V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG2488 V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG900 V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG920P V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSL910 (All versions \u003c V5.6.0), RUGGEDCOM ROS RST2228 (All versions \u003c V5.6.0), RUGGEDCOM ROS RST916C (All versions \u003c V5.6.0), RUGGEDCOM ROS RST916P (All versions \u003c V5.6.0). The third-party component in its TFTP functionality fails to check for null terminations in file names. If an attacker were to exploit this, it could result in data corruption, and possibly a hard-fault of the application.",
  "id": "GHSA-g9pm-vppm-577q",
  "modified": "2025-08-12T12:30:32Z",
  "published": "2022-03-09T00:00:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42020"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-256353.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-3
Requirements

Strategy: Language Selection

  • Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • Choose languages with features such as exception handling that force the programmer to anticipate unusual conditions that may generate exceptions. Custom exceptions may need to be developed to handle unusual business-logic conditions. Be careful not to pass sensitive exceptions back to the user (CWE-209, CWE-248).
Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is expected.

Mitigation
Implementation

If using exception handling, catch and throw specific exceptions instead of overly-general exceptions (CWE-396, CWE-397). Catch and handle exceptions as locally as possible so that exceptions do not propagate too far up the call stack (CWE-705). Avoid unchecked or uncaught exceptions where feasible (CWE-248).

Mitigation MIT-39
Implementation
  • Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
  • If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
  • Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
  • Exposing additional information to a potential attacker in the context of an exceptional condition can help the attacker determine what attack vectors are most likely to succeed beyond DoS.
Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation MIT-38
Architecture and Design Implementation

If the program must fail, ensure that it fails gracefully (fails closed). There may be a temptation to simply let the program fail poorly in cases such as low memory conditions, but an attacker may be able to assert control before the software has fully exited. Alternately, an uncontrolled failure could cause cascading problems with other downstream components; for example, the program could send a signal to a downstream process so the process immediately knows that a problem has occurred and has a better chance of recovery.

Mitigation
Architecture and Design

Use system limits, which should help to prevent resource exhaustion. However, the product should still handle low resource conditions since they may still occur.

No CAPEC attack patterns related to this CWE.