CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CVE-2020-25189 (GCVE-0-2020-25189)
Vulnerability from cvelistv5 – Published: 2020-11-21 16:58 – Updated: 2024-08-04 15:26
VLAI
Summary
The affected product is vulnerable to three stack-based buffer overflows, which may allow an unauthenticated attacker to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09).
Severity
No CVSS data available.
CWE
- CWE-121 - STACK-BASED BUFFER OVERFLOW CWE-121
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-20-324-02 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-324-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IP150",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Firmware version 5.02.09"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to three stack-based buffer overflows, which may allow an unauthenticated attacker to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "STACK-BASED BUFFER OVERFLOW CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-21T16:58:42.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-324-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-25189",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IP150",
"version": {
"version_data": [
{
"version_value": "Firmware version 5.02.09"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable to three stack-based buffer overflows, which may allow an unauthenticated attacker to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-324-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-324-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-25189",
"datePublished": "2020-11-21T16:58:42.000Z",
"dateReserved": "2020-09-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:26:09.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25844 (GCVE-0-2020-25844)
Vulnerability from cvelistv5 – Published: 2020-12-31 07:45 – Updated: 2024-09-16 16:53
VLAI
Title
CHANGING Inc. NHIServiSignAdapter Windows Versions - Stack Overflow
Summary
The digest generation function of NHIServiSignAdapter has not been verified for parameter’s length, which leads to a stack overflow loophole. Remote attackers can use the leak to execute code without privilege.
Severity
8.1 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-4272-23ba4-1.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CHANGING Inc. | NHIServiSignAdapter |
Affected:
1.0.20.0218
|
Date Public
2020-12-31 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4272-23ba4-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "NHIServiSignAdapter",
"vendor": "CHANGING Inc.",
"versions": [
{
"status": "affected",
"version": "1.0.20.0218"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "DEVORE"
}
],
"datePublic": "2020-12-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The digest generation function of NHIServiSignAdapter has not been verified for parameter\u2019s length, which leads to a stack overflow loophole. Remote attackers can use the leak to execute code without privilege."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T07:45:46.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4272-23ba4-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 1.0.20.1109"
}
],
"source": {
"advisory": "TVN-202012003",
"discovery": "EXTERNAL"
},
"title": "CHANGING Inc. NHIServiSignAdapter Windows Versions - Stack Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-12-31T07:18:00.000Z",
"ID": "CVE-2020-25844",
"STATE": "PUBLIC",
"TITLE": "CHANGING Inc. NHIServiSignAdapter Windows Versions - Stack Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NHIServiSignAdapter",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "=",
"version_value": "1.0.20.0218"
}
]
}
}
]
},
"vendor_name": "CHANGING Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "DEVORE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The digest generation function of NHIServiSignAdapter has not been verified for parameter\u2019s length, which leads to a stack overflow loophole. Remote attackers can use the leak to execute code without privilege."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4272-23ba4-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4272-23ba4-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 1.0.20.1109"
}
],
"source": {
"advisory": "TVN-202012003",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-25844",
"datePublished": "2020-12-31T07:45:46.812Z",
"dateReserved": "2020-09-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:53:50.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25854 (GCVE-0-2020-25854)
Vulnerability from cvelistv5 – Published: 2021-02-03 16:49 – Updated: 2024-08-04 15:49
VLAI
Summary
The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network's PSK in order to exploit this.
Severity
No CVSS data available.
CWE
- CWE-121 - Stack buffer overflow (CWE-121)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.vdoo.com/blog/realtek-rtl8195a-vulner… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Realtek RTL8195A Wi-Fi Module |
Affected:
Versions before 2020-04-21 (up to and excluding 2.08)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:49:05.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Realtek RTL8195A Wi-Fi Module",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions before 2020-04-21 (up to and excluding 2.08)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network\u0027s PSK in order to exploit this."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack buffer overflow (CWE-121)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-03T16:49:08.000Z",
"orgId": "6b4ace4a-d6e0-415b-9ce8-aa20e97e4b24",
"shortName": "VDOO"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@vdoo.com",
"ID": "CVE-2020-25854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Realtek RTL8195A Wi-Fi Module",
"version": {
"version_data": [
{
"version_value": "Versions before 2020-04-21 (up to and excluding 2.08)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network\u0027s PSK in order to exploit this."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack buffer overflow (CWE-121)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/",
"refsource": "CONFIRM",
"url": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6b4ace4a-d6e0-415b-9ce8-aa20e97e4b24",
"assignerShortName": "VDOO",
"cveId": "CVE-2020-25854",
"datePublished": "2021-02-03T16:49:08.000Z",
"dateReserved": "2020-09-23T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:49:05.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25855 (GCVE-0-2020-25855)
Vulnerability from cvelistv5 – Published: 2021-02-03 16:49 – Updated: 2024-08-04 15:49
VLAI
Summary
The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for a memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network's PSK in order to exploit this.
Severity
No CVSS data available.
CWE
- CWE-121 - Stack buffer overflow (CWE-121)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.vdoo.com/blog/realtek-rtl8195a-vulner… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Realtek RTL8195A Wi-Fi Module |
Affected:
Versions before 2020-04-21 (up to and excluding 2.08)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:49:05.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Realtek RTL8195A Wi-Fi Module",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions before 2020-04-21 (up to and excluding 2.08)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for a memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network\u0027s PSK in order to exploit this."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack buffer overflow (CWE-121)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-03T16:49:05.000Z",
"orgId": "6b4ace4a-d6e0-415b-9ce8-aa20e97e4b24",
"shortName": "VDOO"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@vdoo.com",
"ID": "CVE-2020-25855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Realtek RTL8195A Wi-Fi Module",
"version": {
"version_data": [
{
"version_value": "Versions before 2020-04-21 (up to and excluding 2.08)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for a memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network\u0027s PSK in order to exploit this."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack buffer overflow (CWE-121)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/",
"refsource": "CONFIRM",
"url": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6b4ace4a-d6e0-415b-9ce8-aa20e97e4b24",
"assignerShortName": "VDOO",
"cveId": "CVE-2020-25855",
"datePublished": "2021-02-03T16:49:05.000Z",
"dateReserved": "2020-09-23T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:49:05.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25856 (GCVE-0-2020-25856)
Vulnerability from cvelistv5 – Published: 2021-02-03 16:49 – Updated: 2024-08-04 15:49
VLAI
Summary
The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network's PSK in order to exploit this.
Severity
No CVSS data available.
CWE
- CWE-121 - Stack buffer overflow (CWE-121)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.vdoo.com/blog/realtek-rtl8195a-vulner… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Realtek RTL8195A Wi-Fi Module |
Affected:
Versions before 2020-04-21 (up to and excluding 2.08)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:49:05.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Realtek RTL8195A Wi-Fi Module",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions before 2020-04-21 (up to and excluding 2.08)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network\u0027s PSK in order to exploit this."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack buffer overflow (CWE-121)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-03T16:49:02.000Z",
"orgId": "6b4ace4a-d6e0-415b-9ce8-aa20e97e4b24",
"shortName": "VDOO"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@vdoo.com",
"ID": "CVE-2020-25856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Realtek RTL8195A Wi-Fi Module",
"version": {
"version_data": [
{
"version_value": "Versions before 2020-04-21 (up to and excluding 2.08)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network\u0027s PSK in order to exploit this."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack buffer overflow (CWE-121)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/",
"refsource": "CONFIRM",
"url": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6b4ace4a-d6e0-415b-9ce8-aa20e97e4b24",
"assignerShortName": "VDOO",
"cveId": "CVE-2020-25856",
"datePublished": "2021-02-03T16:49:02.000Z",
"dateReserved": "2020-09-23T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:49:05.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25857 (GCVE-0-2020-25857)
Vulnerability from cvelistv5 – Published: 2021-02-03 16:48 – Updated: 2024-08-04 15:49
VLAI
Summary
The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker does not need to know the network's PSK.
Severity
No CVSS data available.
CWE
- CWE-121 - Stack buffer overflow (CWE-121)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.vdoo.com/blog/realtek-rtl8195a-vulner… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Realtek RTL8195A Wi-Fi Module |
Affected:
Versions before 2020-04-21 (up to and excluding 2.08)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:49:05.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Realtek RTL8195A Wi-Fi Module",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions before 2020-04-21 (up to and excluding 2.08)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker does not need to know the network\u0027s PSK."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack buffer overflow (CWE-121)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-03T16:48:59.000Z",
"orgId": "6b4ace4a-d6e0-415b-9ce8-aa20e97e4b24",
"shortName": "VDOO"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@vdoo.com",
"ID": "CVE-2020-25857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Realtek RTL8195A Wi-Fi Module",
"version": {
"version_data": [
{
"version_value": "Versions before 2020-04-21 (up to and excluding 2.08)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker does not need to know the network\u0027s PSK."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack buffer overflow (CWE-121)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/",
"refsource": "CONFIRM",
"url": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6b4ace4a-d6e0-415b-9ce8-aa20e97e4b24",
"assignerShortName": "VDOO",
"cveId": "CVE-2020-25857",
"datePublished": "2021-02-03T16:48:59.000Z",
"dateReserved": "2020-09-23T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:49:05.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26989 (GCVE-0-2020-26989)
Vulnerability from cvelistv5 – Published: 2021-01-12 20:18 – Updated: 2024-08-04 16:03
VLAI
Summary
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11892)
Severity
No CVSS data available.
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | JT2Go |
Affected:
All versions < V13.1.0.1
|
|
| Siemens | Solid Edge SE2020 |
Affected:
All Versions < SE2020MP12
|
|
| Siemens | Solid Edge SE2021 |
Affected:
All Versions < SE2021MP2
|
|
| Siemens | Teamcenter Visualization |
Affected:
All versions < V13.1.0.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:03:23.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-050/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "JT2Go",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V13.1.0.1"
}
]
},
{
"product": "Solid Edge SE2020",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All Versions \u003c SE2020MP12"
}
]
},
{
"product": "Solid Edge SE2021",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All Versions \u003c SE2021MP2"
}
]
},
{
"product": "Teamcenter Visualization",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V13.1.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Solid Edge SE2020 (All Versions \u003c SE2020MP12), Solid Edge SE2021 (All Versions \u003c SE2021MP2), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11892)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-19T13:51:24.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-050/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-26989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V13.1.0.1"
}
]
}
},
{
"product_name": "Solid Edge SE2020",
"version": {
"version_data": [
{
"version_value": "All Versions \u003c SE2020MP12"
}
]
}
},
{
"product_name": "Solid Edge SE2021",
"version": {
"version_data": [
{
"version_value": "All Versions \u003c SE2021MP2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V13.1.0.1"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.1), Solid Edge SE2020 (All Versions \u003c SE2020MP12), Solid Edge SE2021 (All Versions \u003c SE2021MP2), Teamcenter Visualization (All versions \u003c V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11892)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-050/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-050/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2020-26989",
"datePublished": "2021-01-12T20:18:34.000Z",
"dateReserved": "2020-10-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:03:23.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26992 (GCVE-0-2020-26992)
Vulnerability from cvelistv5 – Published: 2021-01-12 20:18 – Updated: 2024-08-04 16:03
VLAI
Summary
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process.
Severity
No CVSS data available.
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | JT2Go |
Affected:
All versions < V13.1.0
|
|
| Siemens | Teamcenter Visualization |
Affected:
All versions < V13.1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:03:23.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "JT2Go",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V13.1.0"
}
]
},
{
"product": "Teamcenter Visualization",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V13.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-19T13:51:24.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-26992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V13.1.0"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V13.1.0"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2020-26992",
"datePublished": "2021-01-12T20:18:35.000Z",
"dateReserved": "2020-10-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:03:23.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26993 (GCVE-0-2020-26993)
Vulnerability from cvelistv5 – Published: 2021-01-12 20:18 – Updated: 2024-08-04 16:03
VLAI
Summary
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer in the font index handling function. An attacker could leverage this vulnerability to execute code in the context of the current process.
Severity
No CVSS data available.
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | JT2Go |
Affected:
All versions < V13.1.0
|
|
| Siemens | Teamcenter Visualization |
Affected:
All versions < V13.1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:03:23.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "JT2Go",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V13.1.0"
}
]
},
{
"product": "Teamcenter Visualization",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V13.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer in the font index handling function. An attacker could leverage this vulnerability to execute code in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-19T13:51:24.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-26993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V13.1.0"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V13.1.0"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer in the font index handling function. An attacker could leverage this vulnerability to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2020-26993",
"datePublished": "2021-01-12T20:18:35.000Z",
"dateReserved": "2020-10-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:03:23.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27001 (GCVE-0-2020-27001)
Vulnerability from cvelistv5 – Published: 2021-02-09 15:38 – Updated: 2024-08-04 16:03
VLAI
Summary
A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12041)
Severity
No CVSS data available.
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | JT2Go |
Affected:
All versions < V13.1.0.2
|
|
| Siemens | Teamcenter Visualization |
Affected:
All versions < V13.1.0.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:03:23.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-227/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "JT2Go",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V13.1.0.2"
}
]
},
{
"product": "Teamcenter Visualization",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V13.1.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.2), Teamcenter Visualization (All versions \u003c V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12041)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-19T13:51:24.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-227/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-27001",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V13.1.0.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V13.1.0.2"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0.2), Teamcenter Visualization (All versions \u003c V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12041)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-227/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-227/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2020-27001",
"datePublished": "2021-02-09T15:38:19.000Z",
"dateReserved": "2020-10-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:03:23.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-10
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Phase: Architecture and Design
Description:
- Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Phase: Implementation
Description:
- Implement and perform bounds checking on input.
Mitigation
Phase: Implementation
Description:
- Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.
Mitigation ID: MIT-11
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
No CAPEC attack patterns related to this CWE.