Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 are vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process.

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. Prior to version 6.1.12, the USB DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this may allow an attacker to bypass security features or execute arbitrary code. The implementation of `ux_device_class_dfu_control_request` function prevents buffer overflow during handling of DFU UPLOAD command when current state is `UX_SYSTEM_DFU_STATE_DFU_IDLE`. This issue has been patched, please upgrade to version 6.1.12. As a workaround, add the `UPLOAD_LENGTH` check in all possible states.

Sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1.

123elf Lotus 1-2-3 before 1.0.0rc3 for Linux, and Lotus 1-2-3 R3 for UNIX and other platforms through 9.8.2, allow attackers to execute arbitrary code via a crafted worksheet. This occurs because of a stack-based buffer overflow in the cell format processing routines, as demonstrated by a certain function call from process_fmt() that can be reached via a w3r_format element in a wk3 document.

A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code.

A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.

Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to a Stack-Based Buffer Overflow when a malformed design (DGN) file is parsed. This may allow an attacker to execute arbitrary code.

A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions >