CWE-122
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CVE-2019-5154 (GCVE-0-2019-5154)
Vulnerability from cvelistv5 – Published: 2019-12-11 23:47 – Updated: 2024-08-04 19:47
VLAI
Summary
An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20.0.2019.3.15. A specially crafted J2K image file can cause an out of bounds write of a null byte in a heap buffer, potentially resulting in code execution. An attack can specially craft a J2K image to trigger this vulnerability.
Severity
8.8 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://talosintelligence.com/vulnerability_repor… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:56.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0945"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LEADTOOLS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "20.0.2019.3.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20.0.2019.3.15. A specially crafted J2K image file can cause an out of bounds write of a null byte in a heap buffer, potentially resulting in code execution. An attack can specially craft a J2K image to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T17:34:59.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0945"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2019-5154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LEADTOOLS",
"version": {
"version_data": [
{
"version_value": "20.0.2019.3.15"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20.0.2019.3.15. A specially crafted J2K image file can cause an out of bounds write of a null byte in a heap buffer, potentially resulting in code execution. An attack can specially craft a J2K image to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0945",
"refsource": "CONFIRM",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0945"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2019-5154",
"datePublished": "2019-12-11T23:47:20.000Z",
"dateReserved": "2019-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:47:56.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5436 (GCVE-0-2019-5436)
Vulnerability from cvelistv5 – Published: 2019-05-28 18:47 – Updated: 2026-04-15 20:51
VLAI
Summary
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
Severity
7.8 (High)
CWE
- CWE-122 - Heap Overflow (CWE-122)
Assigner
References
14 references
Date Public
2019-05-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2019:1492",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html"
},
{
"name": "openSUSE-SU-2019:1508",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html"
},
{
"name": "FEDORA-2019-697de0501f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/"
},
{
"name": "[oss-security] 20190911 [SECURITY ADVISORY] curl: TFTP small blocksize heap buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/11/6"
},
{
"name": "DSA-4633",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4633"
},
{
"name": "20200225 [SECURITY] [DSA 4633-1] curl security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Feb/36"
},
{
"name": "GLSA-202003-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-29"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190606-0004/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://curl.haxx.se/docs/CVE-2019-5436.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K55133295"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K55133295?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-5436",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T20:51:08.976664Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T20:51:25.334Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "curl",
"vendor": "curl",
"versions": [
{
"status": "affected",
"version": "Fixed in 7.65.0"
}
]
}
],
"datePublic": "2019-05-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T21:15:00.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"name": "openSUSE-SU-2019:1492",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html"
},
{
"name": "openSUSE-SU-2019:1508",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html"
},
{
"name": "FEDORA-2019-697de0501f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/"
},
{
"name": "[oss-security] 20190911 [SECURITY ADVISORY] curl: TFTP small blocksize heap buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/11/6"
},
{
"name": "DSA-4633",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4633"
},
{
"name": "20200225 [SECURITY] [DSA 4633-1] curl security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Feb/36"
},
{
"name": "GLSA-202003-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-29"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190606-0004/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://curl.haxx.se/docs/CVE-2019-5436.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K55133295"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K55133295?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2019-5436",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "curl",
"version": {
"version_data": [
{
"version_value": "Fixed in 7.65.0"
}
]
}
}
]
},
"vendor_name": "curl"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2019:1492",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html"
},
{
"name": "openSUSE-SU-2019:1508",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html"
},
{
"name": "FEDORA-2019-697de0501f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/"
},
{
"name": "[oss-security] 20190911 [SECURITY ADVISORY] curl: TFTP small blocksize heap buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/09/11/6"
},
{
"name": "DSA-4633",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4633"
},
{
"name": "20200225 [SECURITY] [DSA 4633-1] curl security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Feb/36"
},
{
"name": "GLSA-202003-29",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-29"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190606-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190606-0004/"
},
{
"name": "https://curl.haxx.se/docs/CVE-2019-5436.html",
"refsource": "CONFIRM",
"url": "https://curl.haxx.se/docs/CVE-2019-5436.html"
},
{
"name": "https://support.f5.com/csp/article/K55133295",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K55133295"
},
{
"name": "https://support.f5.com/csp/article/K55133295?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K55133295?utm_source=f5support\u0026amp;utm_medium=RSS"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2019-5436",
"datePublished": "2019-05-28T18:47:32.000Z",
"dateReserved": "2019-01-04T00:00:00.000Z",
"dateUpdated": "2026-04-15T20:51:25.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-5482 (GCVE-0-2019-5482)
Vulnerability from cvelistv5 – Published: 2019-09-16 18:06 – Updated: 2026-04-15 20:55
VLAI
Summary
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
Severity
9.8 (Critical)
CWE
- CWE-122 - Heap Overflow (CWE-122)
Assigner
References
14 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2019:2149",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html"
},
{
"name": "FEDORA-2019-9e6357d82f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/"
},
{
"name": "FEDORA-2019-6d7f6fa2c8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/"
},
{
"name": "openSUSE-SU-2019:2169",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html"
},
{
"name": "FEDORA-2019-f2a520135e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/"
},
{
"name": "DSA-4633",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4633"
},
{
"name": "20200225 [SECURITY] [DSA 4633-1] curl security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Feb/36"
},
{
"name": "GLSA-202003-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-29"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200416-0003/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191004-0003/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://curl.haxx.se/docs/CVE-2019-5482.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-5482",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T20:55:46.434890Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T20:55:58.217Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "7.19.4 to 7.65.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T21:15:00.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"name": "openSUSE-SU-2019:2149",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html"
},
{
"name": "FEDORA-2019-9e6357d82f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/"
},
{
"name": "FEDORA-2019-6d7f6fa2c8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/"
},
{
"name": "openSUSE-SU-2019:2169",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html"
},
{
"name": "FEDORA-2019-f2a520135e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/"
},
{
"name": "DSA-4633",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4633"
},
{
"name": "20200225 [SECURITY] [DSA 4633-1] curl security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Feb/36"
},
{
"name": "GLSA-202003-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-29"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200416-0003/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191004-0003/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://curl.haxx.se/docs/CVE-2019-5482.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2019-5482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "curl",
"version": {
"version_data": [
{
"version_value": "7.19.4 to 7.65.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2019:2149",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html"
},
{
"name": "FEDORA-2019-9e6357d82f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/"
},
{
"name": "FEDORA-2019-6d7f6fa2c8",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/"
},
{
"name": "openSUSE-SU-2019:2169",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html"
},
{
"name": "FEDORA-2019-f2a520135e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/"
},
{
"name": "DSA-4633",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4633"
},
{
"name": "20200225 [SECURITY] [DSA 4633-1] curl security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Feb/36"
},
{
"name": "GLSA-202003-29",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-29"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200416-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200416-0003/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191004-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191004-0003/"
},
{
"name": "https://curl.haxx.se/docs/CVE-2019-5482.html",
"refsource": "CONFIRM",
"url": "https://curl.haxx.se/docs/CVE-2019-5482.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2019-5482",
"datePublished": "2019-09-16T18:06:35.000Z",
"dateReserved": "2019-01-04T00:00:00.000Z",
"dateUpdated": "2026-04-15T20:55:58.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-6530 (GCVE-0-2019-6530)
Vulnerability from cvelistv5 – Published: 2019-06-07 13:58 – Updated: 2024-08-04 20:23
VLAI
Summary
Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution.
Severity
No CVSS data available.
CWE
- CWE-122 - HEAP-BASED BUFFER OVERFLOW CWE-122
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02 | x_refsource_MISC |
| http://www.securityfocus.com/bid/108683 | vdb-entryx_refsource_BID |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
Date Public
2019-06-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:21.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02"
},
{
"name": "108683",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108683"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-565/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-567/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FPWIN Pro",
"vendor": "Panasonic",
"versions": [
{
"status": "affected",
"version": "Version 7.3.0.0 and prior"
}
]
}
],
"datePublic": "2019-06-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "HEAP-BASED BUFFER OVERFLOW CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-13T17:06:06.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02"
},
{
"name": "108683",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108683"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-565/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-567/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-6530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FPWIN Pro",
"version": {
"version_data": [
{
"version_value": "Version 7.3.0.0 and prior"
}
]
}
}
]
},
"vendor_name": "Panasonic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HEAP-BASED BUFFER OVERFLOW CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02"
},
{
"name": "108683",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108683"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-565/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-565/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-567/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-567/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-6530",
"datePublished": "2019-06-07T13:58:17.000Z",
"dateReserved": "2019-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:23:21.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6539 (GCVE-0-2019-6539)
Vulnerability from cvelistv5 – Published: 2019-02-13 00:00 – Updated: 2024-09-16 19:56
VLAI
Summary
Several heap-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior have been identified, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC.
Severity
No CVSS data available.
CWE
- CWE-122 - Heap-based buffer overflow CWE-122
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/106861 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ICS-CERT | WECON LeviStudioU |
Affected:
LeviStudioU Versions 1.8.56 and prior
|
Date Public
2019-02-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:21.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106861",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106861"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WECON LeviStudioU",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "LeviStudioU Versions 1.8.56 and prior"
}
]
}
],
"datePublic": "2019-02-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Several heap-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior have been identified, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro\u0027s Zero Day Initiative, reported these vulnerabilities to NCCIC."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based buffer overflow CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-13T10:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "106861",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106861"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2019-02-05T00:00:00",
"ID": "CVE-2019-6539",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WECON LeviStudioU",
"version": {
"version_data": [
{
"version_value": "LeviStudioU Versions 1.8.56 and prior"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Several heap-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior have been identified, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro\u0027s Zero Day Initiative, reported these vulnerabilities to NCCIC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based buffer overflow CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106861",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106861"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-6539",
"datePublished": "2019-02-13T00:00:00.000Z",
"dateReserved": "2019-01-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:56:23.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6740 (GCVE-0-2019-6740)
Vulnerability from cvelistv5 – Published: 2019-06-03 18:15 – Updated: 2024-08-04 20:31
VLAI
Summary
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ASN.1 parser. When parsing ASN.1 strings, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7472.
Severity
9.6 (Critical)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-253/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Galaxy S9",
"vendor": "Samsung",
"versions": [
{
"status": "affected",
"version": "prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "fluoroacetate"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ASN.1 parser. When parsing ASN.1 strings, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7472."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-03T18:15:47.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-253/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-6740",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Galaxy S9",
"version": {
"version_data": [
{
"version_value": "prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467)"
}
]
}
}
]
},
"vendor_name": "Samsung"
}
]
}
},
"credit": "fluoroacetate",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ASN.1 parser. When parsing ASN.1 strings, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7472."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-253/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-253/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2019-6740",
"datePublished": "2019-06-03T18:15:47.000Z",
"dateReserved": "2019-01-24T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:31:04.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8258 (GCVE-0-2019-8258)
Vulnerability from cvelistv5 – Published: 2019-03-05 15:00 – Updated: 2024-09-16 19:15
VLAI
Summary
UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC client code which results code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199.
Severity
No CVSS data available.
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://ics-cert.kaspersky.com/advisories/klcert-… | x_refsource_MISC |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://www.us-cert.gov/ics/advisories/icsa-20-161-06 | x_refsource_MISC |
Date Public
2019-03-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:30.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-004-ultravnc-heap-based-buffer-overflow/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UltraVNC",
"vendor": "UltraVNC",
"versions": [
{
"status": "affected",
"version": "1.2.2.3"
}
]
}
],
"datePublic": "2019-03-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC client code which results code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-10T21:33:11.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-004-ultravnc-heap-based-buffer-overflow/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2019-03-01T00:00:00",
"ID": "CVE-2019-8258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UltraVNC",
"version": {
"version_data": [
{
"version_value": "1.2.2.3"
}
]
}
}
]
},
"vendor_name": "UltraVNC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC client code which results code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-004-ultravnc-heap-based-buffer-overflow/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-004-ultravnc-heap-based-buffer-overflow/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-8258",
"datePublished": "2019-03-05T15:00:00.000Z",
"dateReserved": "2019-02-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:15:25.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8262 (GCVE-0-2019-8262)
Vulnerability from cvelistv5 – Published: 2019-03-05 15:00 – Updated: 2024-09-16 16:49
VLAI
Summary
UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1204.
Severity
No CVSS data available.
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://ics-cert.kaspersky.com/advisories/klcert-… | x_refsource_MISC |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://www.us-cert.gov/ics/advisories/icsa-20-161-06 | x_refsource_MISC |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11 | x_refsource_MISC |
Date Public
2019-03-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:30.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-008-ultravnc-heap-based-buffer-overflow/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UltraVNC",
"vendor": "UltraVNC",
"versions": [
{
"status": "affected",
"version": "1.2.2.3"
}
]
}
],
"datePublic": "2019-03-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1204."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-28T11:52:18.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-008-ultravnc-heap-based-buffer-overflow/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2019-03-01T00:00:00",
"ID": "CVE-2019-8262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UltraVNC",
"version": {
"version_data": [
{
"version_value": "1.2.2.3"
}
]
}
}
]
},
"vendor_name": "UltraVNC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1204."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-008-ultravnc-heap-based-buffer-overflow/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-008-ultravnc-heap-based-buffer-overflow/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-8262",
"datePublished": "2019-03-05T15:00:00.000Z",
"dateReserved": "2019-02-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:49:03.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8271 (GCVE-0-2019-8271)
Vulnerability from cvelistv5 – Published: 2019-03-09 00:00 – Updated: 2024-09-16 23:26
VLAI
Summary
UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer handler, which can potentially result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.
Severity
No CVSS data available.
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://ics-cert.kaspersky.com/advisories/klcert-… | x_refsource_MISC |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://www.us-cert.gov/ics/advisories/icsa-20-161-06 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kaspersky Lab | UltraVNC |
Affected:
1.2.2.3
|
Date Public
2019-03-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:31.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-018-ultravnc-heap-based-buffer-overflow/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UltraVNC",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "1.2.2.3"
}
]
}
],
"datePublic": "2019-03-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer handler, which can potentially result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-12T20:53:56.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-018-ultravnc-heap-based-buffer-overflow/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2019-03-01T00:00:00",
"ID": "CVE-2019-8271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UltraVNC",
"version": {
"version_data": [
{
"version_value": "1.2.2.3"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer handler, which can potentially result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-018-ultravnc-heap-based-buffer-overflow/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-018-ultravnc-heap-based-buffer-overflow/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-8271",
"datePublished": "2019-03-09T00:00:00.000Z",
"dateReserved": "2019-02-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:26:16.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8273 (GCVE-0-2019-8273)
Vulnerability from cvelistv5 – Published: 2019-03-09 00:00 – Updated: 2024-09-16 23:16
VLAI
Summary
UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.
Severity
No CVSS data available.
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://ics-cert.kaspersky.com/advisories/klcert-… | x_refsource_MISC |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://www.us-cert.gov/ics/advisories/icsa-20-161-06 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kaspersky Lab | UltraVNC |
Affected:
1.2.2.3
|
Date Public
2019-03-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:31.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-020-ultravnc-heap-based-buffer-overflow/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UltraVNC",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "1.2.2.3"
}
]
}
],
"datePublic": "2019-03-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-12T20:54:47.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-020-ultravnc-heap-based-buffer-overflow/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2019-03-01T00:00:00",
"ID": "CVE-2019-8273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UltraVNC",
"version": {
"version_data": [
{
"version_value": "1.2.2.3"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-020-ultravnc-heap-based-buffer-overflow/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-020-ultravnc-heap-based-buffer-overflow/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-8273",
"datePublished": "2019-03-09T00:00:00.000Z",
"dateReserved": "2019-02-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:16:03.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phases:
Description:
- Pre-design: Use a language or compiler that performs automatic bounds checking.
Mitigation
Phase: Architecture and Design
Description:
- Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation ID: MIT-10
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation ID: MIT-11
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
Mitigation
Phase: Implementation
Description:
- Implement and perform bounds checking on input.
Mitigation
Phase: Implementation
Strategy: Libraries or Frameworks
Description:
- Do not use dangerous functions such as gets. Look for their safe equivalent, which checks for the boundary.
Mitigation
Phase: Operation
Description:
- Use OS-level preventative functionality. This is not a complete solution, but it provides some defense in depth.
CAPEC-92: Forced Integer Overflow
This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.