CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CVE-2018-7513 (GCVE-0-2018-7513)
Vulnerability from cvelistv5 – Published: 2018-03-21 20:00 – Updated: 2024-09-17 02:42
VLAI
Summary
In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a stack-based buffer overflow.
Severity
No CVSS data available.
CWE
- CWE-121 - STACK-BASED BUFFER OVERFLOW CWE-121
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/103394 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ICS-CERT | Omron CX-Supervisor |
Affected:
Version 3.30 and prior
|
Date Public
2018-03-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:04.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103394",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103394"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Omron CX-Supervisor",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "Version 3.30 and prior"
}
]
}
],
"datePublic": "2018-03-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a stack-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "STACK-BASED BUFFER OVERFLOW CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-02T20:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "103394",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103394"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-03-13T00:00:00",
"ID": "CVE-2018-7513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Omron CX-Supervisor",
"version": {
"version_data": [
{
"version_value": "Version 3.30 and prior"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a stack-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103394"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-7513",
"datePublished": "2018-03-21T20:00:00.000Z",
"dateReserved": "2018-02-26T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:42:59.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7514 (GCVE-0-2018-7514)
Vulnerability from cvelistv5 – Published: 2018-04-17 19:00 – Updated: 2024-09-16 23:35
VLAI
Summary
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a stack-based buffer overflow.
Severity
No CVSS data available.
CWE
- CWE-121 - STACK-BASED BUFFER OVERFLOW CWE-121
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-100-02 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ICS-CERT | Omron CX-One |
Affected:
The following versions of CX-One are affected: CX-One Versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior.
|
Date Public
2018-04-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:03.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-100-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Omron CX-One",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "The following versions of CX-One are affected: CX-One Versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior."
}
]
}
],
"datePublic": "2018-04-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a stack-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "STACK-BASED BUFFER OVERFLOW CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-17T18:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-100-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-04-17T00:00:00",
"ID": "CVE-2018-7514",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Omron CX-One",
"version": {
"version_data": [
{
"version_value": "The following versions of CX-One are affected: CX-One Versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior."
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a stack-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-100-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-100-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-7514",
"datePublished": "2018-04-17T19:00:00.000Z",
"dateReserved": "2018-02-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:35:36.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7527 (GCVE-0-2018-7527)
Vulnerability from cvelistv5 – Published: 2018-04-26 20:00 – Updated: 2024-09-16 23:46
VLAI
Summary
A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file.
Severity
No CVSS data available.
CWE
- CWE-121 - Stack-Based Buffer Overflow CWE-121
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/104016 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| WECON Technology Co., Ltd. | LeviStudio HMI Editor |
Affected:
Version 1.10 part of Wecon LeviStudioU 1.8.29 and prior
|
|
| WECON Technology Co., Ltd. | PI Studio HMI Project Programmer |
Affected:
Build: November 11, 2017 and prior
|
Date Public
2018-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:04.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104016",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104016"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LeviStudio HMI Editor",
"vendor": "WECON Technology Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Version 1.10 part of Wecon LeviStudioU 1.8.29 and prior"
}
]
},
{
"product": "PI Studio HMI Project Programmer",
"vendor": "WECON Technology Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Build: November 11, 2017 and prior"
}
]
}
],
"datePublic": "2018-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-Based Buffer Overflow CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-30T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "104016",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104016"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2018-7527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LeviStudio HMI Editor",
"version": {
"version_data": [
{
"version_value": "Version 1.10 part of Wecon LeviStudioU 1.8.29 and prior"
}
]
}
},
{
"product_name": "PI Studio HMI Project Programmer",
"version": {
"version_data": [
{
"version_value": "Build: November 11, 2017 and prior"
}
]
}
}
]
},
"vendor_name": "WECON Technology Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-Based Buffer Overflow CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104016",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104016"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-116-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-7527",
"datePublished": "2018-04-26T20:00:00.000Z",
"dateReserved": "2018-02-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:46:12.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8839 (GCVE-0-2018-8839)
Vulnerability from cvelistv5 – Published: 2018-04-30 15:00 – Updated: 2024-09-16 20:13
VLAI
Summary
Delta PMSoft versions 2.10 and prior have multiple stack-based buffer overflow vulnerabilities where a .ppm file can introduce a value larger than is readable by PMSoft's fixed-length stack buffer. This can cause the buffer to be overwritten, which may allow arbitrary code execution or cause the application to crash. CVSS v3 base score: 7.1; CVSS vector string: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H. Delta Electronics recommends affected users update to at least PMSoft v2.11, which was made available as of March 22, 2018, or the latest available version.
Severity
No CVSS data available.
CWE
- CWE-121 - Stack-based buffer overflow CWE-121
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/104013 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-116-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Delta Electronics | PMSoft |
Affected:
v 2.10 or prior.
|
Date Public
2018-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:02:26.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104013",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104013"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-116-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PMSoft",
"vendor": "Delta Electronics",
"versions": [
{
"status": "affected",
"version": "v 2.10 or prior."
}
]
}
],
"datePublic": "2018-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Delta PMSoft versions 2.10 and prior have multiple stack-based buffer overflow vulnerabilities where a .ppm file can introduce a value larger than is readable by PMSoft\u0027s fixed-length stack buffer. This can cause the buffer to be overwritten, which may allow arbitrary code execution or cause the application to crash. CVSS v3 base score: 7.1; CVSS vector string: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H. Delta Electronics recommends affected users update to at least PMSoft v2.11, which was made available as of March 22, 2018, or the latest available version."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based buffer overflow CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-01T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "104013",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104013"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-116-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2018-8839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PMSoft",
"version": {
"version_data": [
{
"version_value": "v 2.10 or prior."
}
]
}
}
]
},
"vendor_name": "Delta Electronics"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Delta PMSoft versions 2.10 and prior have multiple stack-based buffer overflow vulnerabilities where a .ppm file can introduce a value larger than is readable by PMSoft\u0027s fixed-length stack buffer. This can cause the buffer to be overwritten, which may allow arbitrary code execution or cause the application to crash. CVSS v3 base score: 7.1; CVSS vector string: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H. Delta Electronics recommends affected users update to at least PMSoft v2.11, which was made available as of March 22, 2018, or the latest available version."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based buffer overflow CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104013",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104013"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-116-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-116-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-8839",
"datePublished": "2018-04-30T15:00:00.000Z",
"dateReserved": "2018-03-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:13:20.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8840 (GCVE-0-2018-8840)
Vulnerability from cvelistv5 – Published: 2018-04-18 20:00 – Updated: 2024-09-16 17:53
VLAI
Summary
A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution.
Severity
No CVSS data available.
CWE
- CWE-121 - STACK-BASED BUFFER OVERFLOW CWE-121
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/103949 | vdb-entryx_refsource_BID |
| http://software.schneider-electric.com/pdf/securi… | x_refsource_MISC |
| https://www.tenable.com/security/research/tra-2018-07 | x_refsource_MISC |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-107-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ICS-CERT | Schneider Electric InduSoft Web Studio and InTouch Machine Edition |
Affected:
InduSoft Web Studio v8.1 and prior versions, and InTouch Machine Edition 2017 v8.1 and prior versions.
|
Date Public
2018-04-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:02:26.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103949",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103949"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000125/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-07"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Schneider Electric InduSoft Web Studio and InTouch Machine Edition",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "InduSoft Web Studio v8.1 and prior versions, and InTouch Machine Edition 2017 v8.1 and prior versions."
}
]
}
],
"datePublic": "2018-04-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "STACK-BASED BUFFER OVERFLOW CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-24T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "103949",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103949"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000125/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-07"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-04-06T00:00:00",
"ID": "CVE-2018-8840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Schneider Electric InduSoft Web Studio and InTouch Machine Edition",
"version": {
"version_data": [
{
"version_value": "InduSoft Web Studio v8.1 and prior versions, and InTouch Machine Edition 2017 v8.1 and prior versions."
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103949",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103949"
},
{
"name": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000125/",
"refsource": "MISC",
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000125/"
},
{
"name": "https://www.tenable.com/security/research/tra-2018-07",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-07"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-8840",
"datePublished": "2018-04-18T20:00:00.000Z",
"dateReserved": "2018-03-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:53:19.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8847 (GCVE-0-2018-8847)
Vulnerability from cvelistv5 – Published: 2018-07-13 19:00 – Updated: 2024-09-16 17:27
VLAI
Summary
Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer overflow vulnerability, which may allow remote code execution.
Severity
No CVSS data available.
CWE
- CWE-121 - STACK-BASED BUFFER OVERFLOW CWE-121
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.eaton.com/content/dam/eaton/company/ne… | x_refsource_MISC |
| http://www.securityfocus.com/bid/104736 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-193-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ICS-CERT | Eaton 9000X Drive |
Affected:
Versions 2.0.29 and prior
|
Date Public
2017-05-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:45.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton_9000X_Drive.pdf"
},
{
"name": "104736",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104736"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-193-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Eaton 9000X Drive",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "Versions 2.0.29 and prior"
}
]
}
],
"datePublic": "2017-05-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer overflow vulnerability, which may allow remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "STACK-BASED BUFFER OVERFLOW CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-06T11:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton_9000X_Drive.pdf"
},
{
"name": "104736",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104736"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-193-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2017-05-17T00:00:00",
"ID": "CVE-2018-8847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eaton 9000X Drive",
"version": {
"version_data": [
{
"version_value": "Versions 2.0.29 and prior"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer overflow vulnerability, which may allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton_9000X_Drive.pdf",
"refsource": "MISC",
"url": "http://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton_9000X_Drive.pdf"
},
{
"name": "104736",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104736"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-193-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-193-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-8847",
"datePublished": "2018-07-13T19:00:00.000Z",
"dateReserved": "2018-03-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:27:52.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8865 (GCVE-0-2018-8865)
Vulnerability from cvelistv5 – Published: 2018-05-04 17:00 – Updated: 2024-09-17 01:36
VLAI
Summary
In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow vulnerability has been identified which may allow remote code execution. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Severity
No CVSS data available.
CWE
- CWE-121 - STACK-BASED BUFFER OVERFLOW CWE-121
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-123-01 | x_refsource_MISC |
| http://www.securityfocus.com/bid/104098 | vdb-entryx_refsource_BID |
Date Public
2018-05-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:46.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-123-01"
},
{
"name": "104098",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104098"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IDS 2102",
"vendor": "Lantech",
"versions": [
{
"status": "affected",
"version": "2.0 and prior"
}
]
}
],
"datePublic": "2018-05-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow vulnerability has been identified which may allow remote code execution. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "STACK-BASED BUFFER OVERFLOW CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-09T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-123-01"
},
{
"name": "104098",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104098"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-05-03T00:00:00",
"ID": "CVE-2018-8865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IDS 2102",
"version": {
"version_data": [
{
"version_value": "2.0 and prior"
}
]
}
}
]
},
"vendor_name": "Lantech"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow vulnerability has been identified which may allow remote code execution. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-123-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-123-01"
},
{
"name": "104098",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104098"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-8865",
"datePublished": "2018-05-04T17:00:00.000Z",
"dateReserved": "2018-03-20T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:36:36.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0008 (GCVE-0-2019-0008)
Vulnerability from cvelistv5 – Published: 2019-04-10 20:13 – Updated: 2024-09-16 16:17
VLAI
Title
QFX5000 Series, EX4300, EX4600: A stack buffer overflow vulnerability in Packet Forwarding Engine manager (FXPC) process
Summary
A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600 devices. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. Affected releases are Juniper Networks Junos OS on QFX 5000 series, EX4300, EX4600 are: 14.1X53; 15.1X53 versions prior to 15.1X53-D235; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S2, 17.3R4; 17.4 versions prior to 17.4R2-S1, 17.4R3; 18.1 versions prior to 18.1R3-S1, 18.1R4; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R2.
Severity
9.8 (Critical)
CWE
- CWE-121 - Stack based buffer overflow vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA10930 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/107897 | vdb-entryx_refsource_BID |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
14.1X53
Affected: 15.1X53 , < 15.1X53-D235 (custom) Affected: 17.1 , < 17.1R3 (custom) Affected: 18.1 , < 18.1R3-S1, 18.1R4 (custom) Affected: 18.2 , < 18.2R2 (custom) Affected: 18.3 , < 18.3R2 (custom) |
|
| Juniper Networks | Junos OS |
Affected:
17.2 , < 17.2R3
(custom)
Affected: 17.3 , < 17.3R3-S2, 17.3R4 (custom) Affected: 17.4 , < 17.4R2-S1, 17.4R3 (custom) |
|
| Juniper Networks | Junos OS |
Affected:
18.2X75 , < 18.2X75-D30
(custom)
|
Date Public
2019-04-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:07.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10930"
},
{
"name": "107897",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107897"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"QFX5000 series, EX4300, EX4600"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "14.1X53"
},
{
"lessThan": "15.1X53-D235",
"status": "affected",
"version": "15.1X53",
"versionType": "custom"
},
{
"lessThan": "17.1R3",
"status": "affected",
"version": "17.1",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S1, 18.1R4",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R2",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R2",
"status": "affected",
"version": "18.3",
"versionType": "custom"
}
]
},
{
"platforms": [
"QFX5000 series, EX4300, EX4600"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "17.2R3",
"status": "affected",
"version": "17.2",
"versionType": "custom"
},
{
"lessThan": "17.3R3-S2, 17.3R4",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S1, 17.4R3",
"status": "affected",
"version": "17.4",
"versionType": "custom"
}
]
},
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.2X75-D30",
"status": "affected",
"version": "18.2X75",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-04-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600 devices. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. Affected releases are Juniper Networks Junos OS on QFX 5000 series, EX4300, EX4600 are: 14.1X53; 15.1X53 versions prior to 15.1X53-D235; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S2, 17.3R4; 17.4 versions prior to 17.4R2-S1, 17.4R3; 18.1 versions prior to 18.1R3-S1, 18.1R4; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack based buffer overflow vulnerability",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-15T09:06:04.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10930"
},
{
"name": "107897",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107897"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 15.1X53-D235, 17.1R3, 17.2R3, 17.3R3-S2, 17.3R4, 17.4R2-S1, 17.4R3, 18.1R3-S1, 18.1R4, 18.2R2, 18.2X75-D30, 18.3R2, 18.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10930",
"defect": [
"1371400"
],
"discovery": "USER"
},
"title": "QFX5000 Series, EX4300, EX4600: A stack buffer overflow vulnerability in Packet Forwarding Engine manager (FXPC) process",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0008",
"STATE": "PUBLIC",
"TITLE": "QFX5000 Series, EX4300, EX4600: A stack buffer overflow vulnerability in Packet Forwarding Engine manager (FXPC) process"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "QFX5000 series, EX4300, EX4600",
"version_affected": "=",
"version_name": "14.1X53",
"version_value": "14.1X53"
},
{
"platform": "QFX5000 series, EX4300, EX4600",
"version_affected": "\u003c",
"version_name": "15.1X53",
"version_value": "15.1X53-D235"
},
{
"platform": "QFX5000 series, EX4300, EX4600",
"version_affected": "\u003c",
"version_name": "17.1",
"version_value": "17.1R3"
},
{
"platform": "QFX5000 series, EX4300, EX4600",
"version_affected": "\u003c",
"version_name": "17.2",
"version_value": "17.2R3"
},
{
"platform": "QFX5000 series, EX4300, EX4600",
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R3-S2, 17.3R4"
},
{
"platform": "QFX5000 series, EX4300, EX4600",
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S1, 17.4R3"
},
{
"platform": "QFX5000 series, EX4300, EX4600",
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S1, 18.1R4"
},
{
"platform": "QFX5000 series, EX4300, EX4600",
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R2"
},
{
"version_affected": "\u003c",
"version_name": "18.2X75",
"version_value": "18.2X75-D30"
},
{
"platform": "QFX5000 series, EX4300, EX4600",
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600 devices. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. Affected releases are Juniper Networks Junos OS on QFX 5000 series, EX4300, EX4600 are: 14.1X53; 15.1X53 versions prior to 15.1X53-D235; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S2, 17.3R4; 17.4 versions prior to 17.4R2-S1, 17.4R3; 18.1 versions prior to 18.1R3-S1, 18.1R4; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R2."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack based buffer overflow vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10930",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10930"
},
{
"name": "107897",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107897"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 15.1X53-D235, 17.1R3, 17.2R3, 17.3R3-S2, 17.3R4, 17.4R2-S1, 17.4R3, 18.1R3-S1, 18.1R4, 18.2R2, 18.2X75-D30, 18.3R2, 18.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10930",
"defect": [
"1371400"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2019-0008",
"datePublished": "2019-04-10T20:13:50.973Z",
"dateReserved": "2018-10-11T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:17:56.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0053 (GCVE-0-2019-0053)
Vulnerability from cvelistv5 – Published: 2019-07-11 19:40 – Updated: 2024-09-16 19:15
VLAI
Title
Junos OS: Insufficient validation of environment variables in telnet client may lead to stack-based buffer overflow
Summary
Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects the telnet client — accessible from the CLI or shell — in Junos OS. Inbound telnet services are not affected by this issue. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D80; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D170; 15.1X53 versions prior to 15.1X53-D237, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S11, 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2.
Severity
7.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
8 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
12.3 versions prior to 12.3R12-S13
Affected: 12.3X48 versions prior to 12.3X48-D80 Affected: 14.1X53 versions prior to 14.1X53-D130 and 14.1X53-D49 Affected: 15.1 versions prior to 15.1F6-S12 and15.1R7-S4 Affected: 15.1X49 versions prior to 15.1X49-D170 Affected: 15.1X53 versions prior to 15.1X53-D237 and 15.1X53-D496 and 15.1X53-D591 and 15.1X53-D69 Affected: 16.1 versions prior to 16.1R3-S11 and 16.1R7-S4 Affected: 16.2 versions prior to 16.2R2-S9 Affected: 17.1 versions prior to 17.1R3 Affected: 17.2 versions prior to 17.2R1-S8 and 17.2R2-S7 and 17.2R3-S1 Affected: 17.3 versions prior to 17.3R3-S4 Affected: 17.4 versions prior to 17.4R1-S6 and 17.4R2-S3 and 17.4R3 Affected: 18.1 versions prior to 18.1R2-S4 and 18.1R3-S3 Affected: 18.2 versions prior to 18.2R1-S5 and 18.2R2-S2 and 18.2R3 Affected: 18.2X75 versions prior to 18.2X75-D40 Affected: 18.3 versions prior to 18.3R1-S3 and 18.3R2 Affected: 18.4 versions prior to 18.4R1-S2 and 18.4R2 |
Date Public
2019-07-10 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:07.225Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10947"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45982"
},
{
"name": "FreeBSD-SA-19:12",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:12.telnet.asc"
},
{
"name": "20190724 FreeBSD Security Advisory FreeBSD-SA-19:12.telnet",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jul/45"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153746/FreeBSD-Security-Advisory-FreeBSD-SA-19-12.telnet.html"
},
{
"name": "[debian-lts-announce] 20221125 [SECURITY] [DLA 3205-1] inetutils security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00033.html"
},
{
"name": "[debian-lts-announce] 20231008 [SECURITY] [DLA 3611-1] inetutils security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00013.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "12.3 versions prior to 12.3R12-S13"
},
{
"status": "affected",
"version": "12.3X48 versions prior to 12.3X48-D80"
},
{
"status": "affected",
"version": "14.1X53 versions prior to 14.1X53-D130 and 14.1X53-D49"
},
{
"status": "affected",
"version": "15.1 versions prior to 15.1F6-S12 and15.1R7-S4"
},
{
"status": "affected",
"version": "15.1X49 versions prior to 15.1X49-D170"
},
{
"status": "affected",
"version": "15.1X53 versions prior to 15.1X53-D237 and 15.1X53-D496 and 15.1X53-D591 and 15.1X53-D69"
},
{
"status": "affected",
"version": "16.1 versions prior to 16.1R3-S11 and 16.1R7-S4"
},
{
"status": "affected",
"version": "16.2 versions prior to 16.2R2-S9"
},
{
"status": "affected",
"version": "17.1 versions prior to 17.1R3"
},
{
"status": "affected",
"version": "17.2 versions prior to 17.2R1-S8 and 17.2R2-S7 and 17.2R3-S1"
},
{
"status": "affected",
"version": "17.3 versions prior to 17.3R3-S4"
},
{
"status": "affected",
"version": "17.4 versions prior to 17.4R1-S6 and 17.4R2-S3 and 17.4R3"
},
{
"status": "affected",
"version": "18.1 versions prior to 18.1R2-S4 and 18.1R3-S3"
},
{
"status": "affected",
"version": "18.2 versions prior to 18.2R1-S5 and 18.2R2-S2 and 18.2R3"
},
{
"status": "affected",
"version": "18.2X75 versions prior to 18.2X75-D40"
},
{
"status": "affected",
"version": "18.3 versions prior to 18.3R1-S3 and 18.3R2"
},
{
"status": "affected",
"version": "18.4 versions prior to 18.4R1-S2 and 18.4R2"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Matthew Hickey, Hacker House (https://hacker.house/) who reported this issue on November 12, 2018."
}
],
"datePublic": "2019-07-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects the telnet client \u2014 accessible from the CLI or shell \u2014 in Junos OS. Inbound telnet services are not affected by this issue. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D80; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D170; 15.1X53 versions prior to 15.1X53-D237, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S11, 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-02T00:17:56.689Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA10947"
},
{
"url": "https://www.exploit-db.com/exploits/45982"
},
{
"name": "FreeBSD-SA-19:12",
"tags": [
"vendor-advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:12.telnet.asc"
},
{
"name": "20190724 FreeBSD Security Advisory FreeBSD-SA-19:12.telnet",
"tags": [
"mailing-list"
],
"url": "https://seclists.org/bugtraq/2019/Jul/45"
},
{
"url": "http://packetstormsecurity.com/files/153746/FreeBSD-Security-Advisory-FreeBSD-SA-19-12.telnet.html"
},
{
"name": "[debian-lts-announce] 20221125 [SECURITY] [DLA 3205-1] inetutils security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00033.html"
},
{
"name": "[debian-lts-announce] 20231008 [SECURITY] [DLA 3611-1] inetutils security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00013.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00013.html"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S13, 12.3X48-D80, 12.3X48-D85, 14.1X53-D130, 14.1X53-D49, 15.1F6-S12, 15.1R7-S4, 15.1X49-D170, 15.1X53-D237, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69, 16.1R3-S11, 16.1R7-S4, 16.2R2-S9, 17.1R3, 17.2R1-S8, 17.2R2-S7, 17.2R3-S1, 17.3R3-S4, 17.4R1-S6, 17.4R2-S3, 17.4R3, 18.1R2-S4, 18.1R3-S3, 18.2R1-S5, 18.2R2-S2, 18.2R3, 18.2X75-D40, 18.3R1-S3, 18.3R2, 18.4R1-S2, 18.4R2, 19.1R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10947",
"defect": [
"1409847"
],
"discovery": "EXTERNAL"
},
"title": "Junos OS: Insufficient validation of environment variables in telnet client may lead to stack-based buffer overflow",
"workarounds": [
{
"lang": "en",
"value": "Since this issue is specific to outbound connections to a malicious host from the local telnet client, mitigation includes:\n* limit access to the Junos CLI and shell from only from trusted administrators\n* block outbound telnet connections\n* deny access to the telnet command and shell per user or user class"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.6"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2019-0053",
"datePublished": "2019-07-11T19:40:52.382Z",
"dateReserved": "2018-10-11T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:15:29.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10164 (GCVE-0-2019-10164)
Vulnerability from cvelistv5 – Published: 2019-06-26 15:29 – Updated: 2024-08-04 22:10
VLAI
Summary
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.
Severity
7.5 (High)
CWE
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://www.postgresql.org/about/news/1949/ | x_refsource_MISC |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://security.gentoo.org/glsa/202003-03 | vendor-advisoryx_refsource_GENTOO |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PostgreSQL | PostgreSQL |
Affected:
10.9
Affected: 11.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:10.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.postgresql.org/about/news/1949/"
},
{
"name": "openSUSE-SU-2019:1773",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00035.html"
},
{
"name": "FEDORA-2019-9f04a701c0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAGE6H4FWLKFLHLWVYNPYGQRPIXTUWGB/"
},
{
"name": "FEDORA-2019-e43f49b428",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTKEHXGDXYYD6WYDIIQJP4GDQJSENDJK/"
},
{
"name": "GLSA-202003-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PostgreSQL",
"vendor": "PostgreSQL",
"versions": [
{
"status": "affected",
"version": "10.9"
},
{
"status": "affected",
"version": "11.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user\u0027s own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-12T21:06:08.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.postgresql.org/about/news/1949/"
},
{
"name": "openSUSE-SU-2019:1773",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00035.html"
},
{
"name": "FEDORA-2019-9f04a701c0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAGE6H4FWLKFLHLWVYNPYGQRPIXTUWGB/"
},
{
"name": "FEDORA-2019-e43f49b428",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTKEHXGDXYYD6WYDIIQJP4GDQJSENDJK/"
},
{
"name": "GLSA-202003-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PostgreSQL",
"version": {
"version_data": [
{
"version_value": "10.9"
},
{
"version_value": "11.4"
}
]
}
}
]
},
"vendor_name": "PostgreSQL"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user\u0027s own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164"
},
{
"name": "https://www.postgresql.org/about/news/1949/",
"refsource": "MISC",
"url": "https://www.postgresql.org/about/news/1949/"
},
{
"name": "openSUSE-SU-2019:1773",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00035.html"
},
{
"name": "FEDORA-2019-9f04a701c0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAGE6H4FWLKFLHLWVYNPYGQRPIXTUWGB/"
},
{
"name": "FEDORA-2019-e43f49b428",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TTKEHXGDXYYD6WYDIIQJP4GDQJSENDJK/"
},
{
"name": "GLSA-202003-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10164",
"datePublished": "2019-06-26T15:29:13.000Z",
"dateReserved": "2019-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:10:10.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-10
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Phase: Architecture and Design
Description:
- Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Phase: Implementation
Description:
- Implement and perform bounds checking on input.
Mitigation
Phase: Implementation
Description:
- Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.
Mitigation ID: MIT-11
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
No CAPEC attack patterns related to this CWE.