#buffer_overflow

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Open Design Alliance (ODA) Equipment: Drawing SDK Vulnerabilities: Use after Free, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote attackers to disclose sensitive information on affected installations of ODA Drawing SDK. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ODA Drawing SDK are affected: Drawing SDK: Versions prior to 2024.1 3.2 Vulnerability Overview 3.2.1 USE AFTER FREE CWE-416 Open Design Alliance's Drawing SDK prior to Version 2024.1 is vulnerable to a use after free attack. Exploitation of this vulnerability requires the target to visit a malicious page or open a malicious file. The specific vulnerability exists within the parsing of DWG files. Crafted data in a DWG file can trigger a use after free attack past the end of an allocated buffer. An attacker could leverage this vulnerability in conjunction wit...

In MicroHttpServer (aka Micro HTTP Server) through 4398570, _ReadStaticFiles in lib/middleware.c allows a stack-based buffer overflow and potentially remote code execution via a long URI.

A vulnerability classified as critical was found in PHZ76 RtspServer 1.0.0. This vulnerability affects the function ParseRequestLine of the file RtspMesaage.cpp. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248248. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms.

When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device

Red Hat Security Advisory 2023-7792-03 - An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-7791-03 - An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 9. Issues addressed include buffer overflow and use-after-free vulnerabilities.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1 Vulnerabilities: Improper Restriction of XML External Entity Reference, Time-of-check Time-of-use (TOCTOU) Race Condition, Command Injection, Missing Encryption of Sensitive Data, Cross-site Scripting, Improper Restriction of Operations within the Bounds of a Memory Buffer, Use After Free, Improper Input Validation, Out-of-bounds Write, Out-of-bounds Read, Infinite Loop, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), Allocation of Resources Without Limits or ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: User Management Component (UMC) Vulnerabilities: Permissive Cross-domain Policy with Untrusted Domains, Cross-site Scripting, Classic Buffer Overflow, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to a restart of the UMC server. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports the following products are affected: Opcenter Quality: all versions SIMATIC PCS neo: versions prior to v4.1 SINUMERIK Integrate RunMyHMI /Automotive: all versions Totally Integrated Automation Portal (TIA Portal) v...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC and SIPLUS products Vulnerabilities: Uncontrolled Recursion, Buffer Access with Incorrect Length Value 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthorized attacker with network access to the web server to perform a denial-of-service attack. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: SIMATIC S7-400 CPU 412-2 PN V7 (6ES7412-2EK07-0AB0): All versions SIMATIC S7-400 CPU 414-3 PN/DP V7 (6ES7414-3EM07-0AB0): All versions SIMATIC S7-400 CPU 414F-3 PN/DP V7 (6ES74...