CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CVE-2024-52547 (GCVE-0-2024-52547)
Vulnerability from cvelistv5 – Published: 2024-12-03 17:25 – Updated: 2025-09-05 08:31
Title
Lorex 2K Indoor Wi-Fi Security Camera - Stack buffer overflow
Summary
An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service (TCP port 80). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.
Severity
7.2 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/sfewer-r7/LorexExploit | exploit |
| https://www.rapid7.com/blog/post/2024/12/03/lorex… | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | CPE |
|---|---|---|---|
| Lorex | 2K Indoor Wi-Fi Security Camera | Affected: 0, < 2.800.0000000.8.R.20241111 (custom) | |
| lorextechnology | w461asc-e_firmware | Affected: 0, < 2.800.0000000.8.r.20241111 (custom) | cpe:2.3:o:lorextechnology:w461asc-e_firmware:-:*:*:*:*:*:*:* |
Date Public
2024-12-03 17:25
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:lorextechnology:w461asc-e_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "w461asc-e_firmware",
"vendor": "lorextechnology",
"versions": [
{
"lessThan": "2.800.0000000.8.r.20241111",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52547",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-03T18:40:08.377751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T18:45:12.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "2K Indoor Wi-Fi Security Camera",
"vendor": "Lorex",
"versions": [
{
"lessThan": "2.800.0000000.8.R.20241111",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-12-03T17:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service (TCP port 80). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.\u003cbr\u003e"
}
],
"value": "An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service (TCP port 80). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-05T08:31:14.731Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/sfewer-r7/LorexExploit"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.rapid7.com/blog/post/2024/12/03/lorex-2k-indoor-wi-fi-security-camera-multiple-vulnerabilities-fixed/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Lorex 2K Indoor Wi-Fi Security Camera - Stack buffer overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2024-52547",
"datePublished": "2024-12-03T17:25:31.962Z",
"dateReserved": "2024-11-12T13:42:42.324Z",
"dateUpdated": "2025-09-05T08:31:14.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52572 (GCVE-0-2024-52572)
Vulnerability from cvelistv5 – Published: 2024-11-18 15:39 – Updated: 2024-12-10 13:54
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a stack based overflow vulnerability while parsing specially crafted WRL files.
This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24486)
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
7 products
| Vendor | Product | Version | CPE |
|---|---|---|---|
| Siemens | Teamcenter Visualization V14.2 | Affected: 0, < V14.2.0.14 (custom) | |
| Siemens | Teamcenter Visualization V14.3 | Affected: 0, < V14.3.0.12 (custom) | |
| Siemens | Teamcenter Visualization V2312 | Affected: 0, < V2312.0008 (custom) | |
| Siemens | Teamcenter Visualization V2406 | Affected: 0, < V2406.0005 (custom) | |
| Siemens | Tecnomatix Plant Simulation V2302 | Affected: 0, < V2302.0018 (custom) | |
| Siemens | Tecnomatix Plant Simulation V2404 | Affected: 0, < V2404.0007 (custom) | |
| siemens | tecnomatix_plant_simulation | Affected: 0, < 2302.0018 (custom); Affected: 0, < 2404.0007 (custom) | cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tecnomatix_plant_simulation",
"vendor": "siemens",
"versions": [
{
"lessThan": "2302.0018",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2404.0007",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tecnomatix_plant_simulation",
"vendor": "siemens",
"versions": [
{
"lessThan": "2302.0018",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2404.0007",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52572",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-18T17:58:30.237542Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T18:08:38.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Teamcenter Visualization V14.2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V14.2.0.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Teamcenter Visualization V14.3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V14.3.0.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Teamcenter Visualization V2312",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2312.0008",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Teamcenter Visualization V2406",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2406.0005",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Tecnomatix Plant Simulation V2302",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2302.0018",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Tecnomatix Plant Simulation V2404",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2404.0007",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.14), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.12), Teamcenter Visualization V2312 (All versions \u003c V2312.0008), Teamcenter Visualization V2406 (All versions \u003c V2406.0005), Tecnomatix Plant Simulation V2302 (All versions \u003c V2302.0018), Tecnomatix Plant Simulation V2404 (All versions \u003c V2404.0007). The affected applications contain a stack based overflow vulnerability while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24486)"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T13:54:08.165Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-52572",
"datePublished": "2024-11-18T15:39:35.577Z",
"dateReserved": "2024-11-14T12:25:53.336Z",
"dateUpdated": "2024-12-10T13:54:08.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52894 (GCVE-0-2024-52894)
Vulnerability from cvelistv5 – Published: 2025-07-29 19:00 – Updated: 2025-08-17 01:23
Title
IBM Db2 for Linux, UNIX and Windows denial of service
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
Severity
4.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7240953 | vendor-advisory, patch |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| IBM | Db2 | Affected: 10.5.0.0, ≤ 10.5.0.11 (semver); Affected: 11.1.0, ≤ 11.1.4.7 (semver); Affected: 11.5.0, ≤ 11.5.9 (semver); Affected: 12.1.0, ≤ 12.1.2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52894",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T19:29:51.532514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T19:30:03.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:zos:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux",
"Unix",
"AIX",
"z/OS"
],
"product": "Db2",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.5.0.11",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.1.4.7",
"status": "affected",
"version": "11.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.5.9",
"status": "affected",
"version": "11.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.1.2",
"status": "affected",
"version": "12.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query."
}
],
"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-17T01:23:03.366Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240953"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Customers running any vulnerable affected level of an affected Program, V10.5, V11.1, V11.5, and V12.1 can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent affected level for each impacted release: V10.5 FP11, V11.1.4 FP7, V11.5.9, V12.1.1 and V12.1.2. They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability.\u003cbr\u003e\u003cbr\u003eRelease Fixed in mod pack APAR Download URL\u003cbr\u003eV10.5 TBD DT398812 \u003cbr\u003eSpecial Build for V10.5 FP11:\u003cbr\u003e\u003cbr\u003eAIX 64-bit\u003cbr\u003eHP-UX 64-bit\u003cbr\u003eLinux 32-bit, x86-32\u003cbr\u003eLinux 64-bit, x86-64\u003cbr\u003eLinux 64-bit, POWER\u2122 big endian\u003cbr\u003eLinux 64-bit, POWER\u2122 little endian\u003cbr\u003eLinux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\u003cbr\u003eSolaris 64-bit, SPARC\u003cbr\u003eSolaris 64-bit, x86-64\u003cbr\u003eWindows 32-bit, x86\u003cbr\u003eWindows 64-bit, x86\u003cbr\u003e\u003cbr\u003eV11.1 TBD DT398812 Special Build for V11.1.4 FP7:\u003cbr\u003eAIX 64-bit\u003cbr\u003eLinux 32-bit, x86-32\u003cbr\u003eLinux 64-bit, x86-64\u003cbr\u003eLinux 64-bit, POWER\u2122 little endian\u003cbr\u003eLinux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\u003cbr\u003eSolaris 64-bit, SPARC\u003cbr\u003eWindows 32-bit, x86\u003cbr\u003eWindows 64-bit, x86\u003cbr\u003e\u003cbr\u003eV11.5 TBD DT398812 \u003cbr\u003eSpecial Build #62071 or later for V11.5.9 available at this link:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7087189\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003cbr\u003eV12.1 V12.1.2 DT398812 \u003cbr\u003eSpecial Build #62100 or later for V12.1.1 available at this link:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" 
href=\"https://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441\"\u003ehttps://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e12.1.2 Latest:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\"\u003ehttps://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003cbr\u003e\u003cbr\u003eNote: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS.\u003cbr\u003e"
}
],
"value": "Customers running any vulnerable affected level of an affected Program, V10.5, V11.1, V11.5, and V12.1 can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent affected level for each impacted release: V10.5 FP11, V11.1.4 FP7, V11.5.9, V12.1.1 and V12.1.2. They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability.\n\nRelease Fixed in mod pack APAR Download URL\nV10.5 TBD DT398812 \nSpecial Build for V10.5 FP11:\n\nAIX 64-bit\nHP-UX 64-bit\nLinux 32-bit, x86-32\nLinux 64-bit, x86-64\nLinux 64-bit, POWER\u2122 big endian\nLinux 64-bit, POWER\u2122 little endian\nLinux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\nSolaris 64-bit, SPARC\nSolaris 64-bit, x86-64\nWindows 32-bit, x86\nWindows 64-bit, x86\n\nV11.1 TBD DT398812 Special Build for V11.1.4 FP7:\nAIX 64-bit\nLinux 32-bit, x86-32\nLinux 64-bit, x86-64\nLinux 64-bit, POWER\u2122 little endian\nLinux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\nSolaris 64-bit, SPARC\nWindows 32-bit, x86\nWindows 64-bit, x86\n\nV11.5 TBD DT398812 \nSpecial Build #62071 or later for V11.5.9 available at this link:\n\n https://www.ibm.com/support/pages/node/7087189 \nV12.1 V12.1.2 DT398812 \nSpecial Build #62100 or later for V12.1.1 available at this link:\n\n https://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441 \n\n12.1.2 Latest:\n\n https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads \n\n \n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. 
IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\n\nNote: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Db2 for Linux, UNIX and Windows denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-52894",
"datePublished": "2025-07-29T19:00:12.910Z",
"dateReserved": "2024-11-17T14:25:44.935Z",
"dateUpdated": "2025-08-17T01:23:03.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5293 (GCVE-0-2024-5293)
Vulnerability from cvelistv5 – Published: 2024-05-23 21:29 – Updated: 2024-08-01 21:11
Title
D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability
Summary
D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640-US routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within prog.cgi, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21853.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
2 products
| Vendor | Product | Version | CPE |
|---|---|---|---|
| D-Link | DIR-2640 | Affected: 1.11B02_BETA02 | |
| dlink | dir-2640_firmware | Affected: 1.11b02 | cpe:2.3:o:dlink:dir-2640_firmware:1.11b02:beta:*:*:*:*:*:* |
Date Public
2024-05-14 15:21
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dlink:dir-2640_firmware:1.11b02:beta:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-2640_firmware",
"vendor": "dlink",
"versions": [
{
"status": "affected",
"version": "1.11b02"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5293",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T13:18:35.558118Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:02:34.964Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:11.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-24-444",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-444/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DIR-2640",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.11B02_BETA02"
}
]
}
],
"dateAssigned": "2024-05-23T21:22:42.203Z",
"datePublic": "2024-05-14T15:21:00.437Z",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640-US routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within prog.cgi, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21853."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-23T21:29:44.062Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-444",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-444/"
}
],
"source": {
"lang": "en",
"value": "Nicholas Zubrisky"
},
"title": "D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-5293",
"datePublished": "2024-05-23T21:29:44.062Z",
"dateReserved": "2024-05-23T21:22:42.170Z",
"dateUpdated": "2024-08-01T21:11:11.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-53041 (GCVE-0-2024-53041)
Vulnerability from cvelistv5 – Published: 2024-12-10 13:54 – Updated: 2024-12-10 17:17
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain a stack based overflow vulnerability while parsing specially crafted WRL files.
This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25000)
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
5 products
| Vendor | Product | Version |
|---|---|---|
| Siemens | Teamcenter Visualization V14.2 | Affected: 0, < V14.2.0.14 (custom) |
| Siemens | Teamcenter Visualization V14.3 | Affected: 0, < V14.3.0.12 (custom) |
| Siemens | Teamcenter Visualization V2312 | Affected: 0, < V2312.0008 (custom) |
| Siemens | Tecnomatix Plant Simulation V2302 | Affected: 0, < V2302.0016 (custom) |
| Siemens | Tecnomatix Plant Simulation V2404 | Affected: 0, < V2404.0005 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53041",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-10T15:17:30.639993Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T17:17:19.652Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Teamcenter Visualization V14.2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V14.2.0.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Teamcenter Visualization V14.3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V14.3.0.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Teamcenter Visualization V2312",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2312.0008",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Tecnomatix Plant Simulation V2302",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2302.0016",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Tecnomatix Plant Simulation V2404",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2404.0005",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.14), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.12), Teamcenter Visualization V2312 (All versions \u003c V2312.0008), Tecnomatix Plant Simulation V2302 (All versions \u003c V2302.0016), Tecnomatix Plant Simulation V2404 (All versions \u003c V2404.0005). The affected applications contain a stack based overflow vulnerability while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25000)"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T13:54:12.113Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-53041",
"datePublished": "2024-12-10T13:54:12.113Z",
"dateReserved": "2024-11-19T16:38:17.725Z",
"dateUpdated": "2024-12-10T17:17:19.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5305 (GCVE-0-2024-5305)
Vulnerability from cvelistv5 – Published: 2024-06-06 18:04 – Updated: 2024-08-01 21:11
Title
Kofax Power PDF PDF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Summary
Kofax Power PDF PDF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22921.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
Date Public
2024-05-31 19:15
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kofax:power_pdf:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "power_pdf",
"vendor": "kofax",
"versions": [
{
"lessThan": "5.0.0.57",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5305",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T20:36:27.205776Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T20:36:31.598Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:12.084Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-24-550",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-550/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Power PDF",
"vendor": "Kofax",
"versions": [
{
"status": "affected",
"version": "5.0.0.57"
}
]
}
],
"dateAssigned": "2024-05-23T22:17:58.663Z",
"datePublic": "2024-05-31T19:15:37.723Z",
"descriptions": [
{
"lang": "en",
"value": "Kofax Power PDF PDF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22921."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T18:04:23.845Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-550",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-550/"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "Kofax Power PDF PDF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-5305",
"datePublished": "2024-06-06T18:04:23.845Z",
"dateReserved": "2024-05-23T22:17:58.643Z",
"dateUpdated": "2024-08-01T21:11:12.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-53296 (GCVE-0-2024-53296)
Vulnerability from cvelistv5 – Published: 2025-02-01 03:56 – Updated: 2025-02-12 20:51
Summary
Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00027915… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | PowerProtect DD | Affected: 7.13.1.0 , ≤ 7.13.1.10 (semver); Affected: 7.10.1.0 , ≤ 7.10.1.40 (semver) | |
Date Public
2025-01-30 06:30
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53296",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T15:48:35.858892Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:51:22.499Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerProtect DD",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "7.13.1.10",
"status": "affected",
"version": "7.13.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.10.1.40",
"status": "affected",
"version": "7.10.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dell would like to thank zzcentury for reporting this issue."
}
],
"datePublic": "2025-01-30T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.\u003cbr\u003e"
}
],
"value": "Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-01T03:56:38.147Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000279157/dsa-2025-022-security-update-for-dell-powerprotect-dd-multiple-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-53296",
"datePublished": "2025-02-01T03:56:38.147Z",
"dateReserved": "2024-11-20T06:05:04.568Z",
"dateUpdated": "2025-02-12T20:51:22.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-53695 (GCVE-0-2024-53695)
Vulnerability from cvelistv5 – Published: 2025-03-07 16:13 – Updated: 2025-03-07 17:54
Title
HBS 3 Hybrid Backup Sync
Summary
A buffer overflow vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
HBS 3 Hybrid Backup Sync 25.1.4.952 and later
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| QNAP Systems Inc. | HBS 3 Hybrid Backup Sync | Affected: 25.1.x , < 25.1.4.952 (custom) | |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53695",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T17:54:45.869426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T17:54:53.580Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HBS 3 Hybrid Backup Sync",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "25.1.4.952",
"status": "affected",
"version": "25.1.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "CataLpa of Hatlab, Dbappsecurity Co. Ltd."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A buffer overflow vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to modify memory or crash processes.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following version:\u003cbr\u003eHBS 3 Hybrid Backup Sync 25.1.4.952 and later\u003cbr\u003e"
}
],
"value": "A buffer overflow vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to modify memory or crash processes.\n\nWe have already fixed the vulnerability in the following version:\nHBS 3 Hybrid Backup Sync 25.1.4.952 and later"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T16:13:42.883Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-25-06"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following version:\u003cbr\u003eHBS 3 Hybrid Backup Sync 25.1.4.952 and later\u003cbr\u003e"
}
],
"value": "We have already fixed the vulnerability in the following version:\nHBS 3 Hybrid Backup Sync 25.1.4.952 and later"
}
],
"source": {
"advisory": "QSA-25-06",
"discovery": "EXTERNAL"
},
"title": "HBS 3 Hybrid Backup Sync",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2024-53695",
"datePublished": "2025-03-07T16:13:42.883Z",
"dateReserved": "2024-11-22T06:21:49.206Z",
"dateUpdated": "2025-03-07T17:54:53.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-53703 (GCVE-0-2024-53703)
Vulnerability from cvelistv5 – Published: 2024-12-05 13:59 – Updated: 2024-12-07 04:55
Summary
A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://psirt.global.sonicwall.com/vuln-detail/SN… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SonicWall | SMA100 | Affected: 10.2.1.13-72sv and earlier versions | |
| sonicwall | sma100_firmware | Affected: 0 , ≤ 10.2.1.13-72sv (custom) | cpe:2.3:o:sonicwall:sma100_firmware:*:*:*:*:*:*:*:* |
Date Public
2024-12-05 01:22
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:sonicwall:sma100_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sma100_firmware",
"vendor": "sonicwall",
"versions": [
{
"lessThanOrEqual": "10.2.1.13-72sv",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-53703",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-07T04:55:30.933Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"Linux"
],
"product": "SMA100",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "10.2.1.13-72sv and earlier versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Alain Mowat of Orange Cyberdefense, Switzerland."
}
],
"datePublic": "2024-12-05T01:22:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T13:59:35.490Z",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018"
}
],
"source": {
"advisory": "SNWLID-2024-0018",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2024-53703",
"datePublished": "2024-12-05T13:59:35.490Z",
"dateReserved": "2024-11-22T09:54:04.963Z",
"dateUpdated": "2024-12-07T04:55:30.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-53849 (GCVE-0-2024-53849)
Vulnerability from cvelistv5 – Published: 2024-11-26 23:34 – Updated: 2025-11-03 22:29
Title
Several stack buffer overflows and pointer overflows in editorconfig-core-c
Summary
editorconfig-core-c is the EditorConfig core library written in C (for use by plugins supporting EditorConfig parsing). In affected versions several overflows may occur in switch case '[' when the input pattern contains many escaped characters. The added backslashes leave too little space in the output pattern when processing nested brackets such that the remaining input length exceeds the output capacity. This issue has been addressed in release version 0.12.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://github.com/editorconfig/editorconfig-core… | x_refsource_CONFIRM |
| https://github.com/editorconfig/editorconfig-core… | x_refsource_MISC |
| https://github.com/editorconfig/editorconfig-core… | x_refsource_MISC |
| https://github.com/editorconfig/editorconfig-core… | x_refsource_MISC |
| http://editorconfig.org | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2024… | |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| editorconfig | editorconfig-core-c | Affected: < 0.12.7 | |
| editorconfig | editorconfig | Affected: 0 , < 0.12.7 (custom) | cpe:2.3:a:editorconfig:editorconfig:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:editorconfig:editorconfig:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "editorconfig",
"vendor": "editorconfig",
"versions": [
{
"lessThan": "0.12.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53849",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T15:33:19.707403Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T15:35:10.367Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:29:45.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00036.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "editorconfig-core-c",
"vendor": "editorconfig",
"versions": [
{
"status": "affected",
"version": "\u003c 0.12.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "editorconfig-core-c is theEditorConfig core library written in C (for use by plugins supporting EditorConfig parsing). In affected versions several overflows may occur in switch case \u0027[\u0027 when the input pattern contains many escaped characters. The added backslashes leave too little space in the output pattern when processing nested brackets such that the remaining input length exceeds the output capacity. This issue has been addressed in release version 0.12.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T23:34:58.784Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/editorconfig/editorconfig-core-c/security/advisories/GHSA-475j-wc37-6274",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/editorconfig/editorconfig-core-c/security/advisories/GHSA-475j-wc37-6274"
},
{
"name": "https://github.com/editorconfig/editorconfig-core-c/pull/103",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/editorconfig/editorconfig-core-c/pull/103"
},
{
"name": "https://github.com/editorconfig/editorconfig-core-c/commit/4d5518a0a4e4910c37281ab13a048d0d86999782",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/editorconfig/editorconfig-core-c/commit/4d5518a0a4e4910c37281ab13a048d0d86999782"
},
{
"name": "https://github.com/editorconfig/editorconfig-core-c/commit/a8dd5312e08abeab95ff5656d32ed3cb85fba70b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/editorconfig/editorconfig-core-c/commit/a8dd5312e08abeab95ff5656d32ed3cb85fba70b"
},
{
"name": "http://editorconfig.org",
"tags": [
"x_refsource_MISC"
],
"url": "http://editorconfig.org"
}
],
"source": {
"advisory": "GHSA-475j-wc37-6274",
"discovery": "UNKNOWN"
},
"title": "Several stack buffer overflows and pointer overflows in editorconfig-core-c"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-53849",
"datePublished": "2024-11-26T23:34:58.784Z",
"dateReserved": "2024-11-22T17:30:02.140Z",
"dateUpdated": "2025-11-03T22:29:45.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation ID: MIT-10
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Phase: Architecture and Design
Description:
- Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Phase: Implementation
Description:
- Implement and perform bounds checking on input.
Mitigation
Phase: Implementation
Description:
- Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.
Mitigation ID: MIT-11
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
No CAPEC attack patterns related to this CWE.