CWE-130
Improper Handling of Length Parameter Inconsistency
The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.
CVE-2018-5453 (GCVE-0-2018-5453)
Vulnerability from cvelistv5 – Published: 2018-03-05 17:00 – Updated: 2024-08-05 05:33
VLAI?
Summary
An Improper Handling of Length Parameter Inconsistency issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker may be able to edit the element of an HTTP request, causing the device to become unavailable.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Moxa OnCell G3100-HSPA Series |
Affected:
Moxa OnCell G3100-HSPA Series
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-060-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Moxa OnCell G3100-HSPA Series",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Moxa OnCell G3100-HSPA Series"
}
]
}
],
"datePublic": "2018-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Improper Handling of Length Parameter Inconsistency issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker may be able to edit the element of an HTTP request, causing the device to become unavailable."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-130",
"description": "CWE-130",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-05T16:57:02",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-060-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2018-5453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Moxa OnCell G3100-HSPA Series",
"version": {
"version_data": [
{
"version_value": "Moxa OnCell G3100-HSPA Series"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Handling of Length Parameter Inconsistency issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker may be able to edit the element of an HTTP request, causing the device to become unavailable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-130"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-060-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-060-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-5453",
"datePublished": "2018-03-05T17:00:00",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-08-05T05:33:44.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0055 (GCVE-0-2019-0055)
Vulnerability from cvelistv5 – Published: 2019-10-09 19:26 – Updated: 2024-09-16 22:08
VLAI?
Summary
A vulnerability in the SIP ALG packet processing service of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific types of valid SIP traffic to the device. In this case, the flowd process crashes and generates a core dump while processing SIP ALG traffic. Continued receipt of these valid SIP packets will result in a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D61, 12.3X48-D65 on SRX Series; 15.1X49 versions prior to 15.1X49-D130 on SRX Series; 17.3 versions prior to 17.3R3 on SRX Series; 17.4 versions prior to 17.4R2 on SRX Series.
Severity ?
7.5 (High)
CWE
- CWE-130 - Improper Handling of Length Parameter Inconsistency
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
12.3X48 , < 12.3X48-D61, 12.3X48-D65
(custom)
Affected: 15.1X49 , < 15.1X49-D130 (custom) Affected: 17.3 , < 17.3R3 (custom) Affected: 17.4 , < 17.4R2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:07.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10953"
},
{
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-sip-alg.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"SRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "12.3X48-D61, 12.3X48-D65",
"status": "affected",
"version": "12.3X48",
"versionType": "custom"
},
{
"lessThan": "15.1X49-D130",
"status": "affected",
"version": "15.1X49",
"versionType": "custom"
},
{
"lessThan": "17.3R3",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R2",
"status": "affected",
"version": "17.4",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "This issue only affects SRX Series devices where SIP ALG is enabled.\nThe following minimum configuration is required: \n set security alg sip"
}
],
"datePublic": "2019-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the SIP ALG packet processing service of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific types of valid SIP traffic to the device. In this case, the flowd process crashes and generates a core dump while processing SIP ALG traffic. Continued receipt of these valid SIP packets will result in a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D61, 12.3X48-D65 on SRX Series; 15.1X49 versions prior to 15.1X49-D130 on SRX Series; 17.3 versions prior to 17.3R3 on SRX Series; 17.4 versions prior to 17.4R2 on SRX Series."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-130",
"description": "CWE-130 Improper Handling of Length Parameter Inconsistency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-09T19:26:17",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA10953"
},
{
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-sip-alg.html"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 12.3X48-D61, 12.3X48-D65, 15.1X49-D130, 17.3R3, 17.4R2, 18.1R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10953",
"defect": [
"1329170"
],
"discovery": "USER"
},
"title": "Junos OS: SRX Series: An attacker may cause flowd to crash by sending certain valid SIP traffic to a device with SIP ALG enabled.",
"workarounds": [
{
"lang": "en",
"value": "Disable SIP ALG if this is not needed, otherwise there are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-10-09T16:00:00.000Z",
"ID": "CVE-2019-0055",
"STATE": "PUBLIC",
"TITLE": "Junos OS: SRX Series: An attacker may cause flowd to crash by sending certain valid SIP traffic to a device with SIP ALG enabled."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "12.3X48",
"version_value": "12.3X48-D61, 12.3X48-D65"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "15.1X49",
"version_value": "15.1X49-D130"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R3"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "This issue only affects SRX Series devices where SIP ALG is enabled.\nThe following minimum configuration is required: \n set security alg sip"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the SIP ALG packet processing service of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific types of valid SIP traffic to the device. In this case, the flowd process crashes and generates a core dump while processing SIP ALG traffic. Continued receipt of these valid SIP packets will result in a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D61, 12.3X48-D65 on SRX Series; 15.1X49 versions prior to 15.1X49-D130 on SRX Series; 17.3 versions prior to 17.3R3 on SRX Series; 17.4 versions prior to 17.4R2 on SRX Series."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-130 Improper Handling of Length Parameter Inconsistency"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10953",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA10953"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-sip-alg.html",
"refsource": "MLIST",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-sip-alg.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 12.3X48-D61, 12.3X48-D65, 15.1X49-D130, 17.3R3, 17.4R2, 18.1R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10953",
"defect": [
"1329170"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "Disable SIP ALG if this is not needed, otherwise there are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2019-0055",
"datePublished": "2019-10-09T19:26:17.374648Z",
"dateReserved": "2018-10-11T00:00:00",
"dateUpdated": "2024-09-16T22:08:51.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3862 (GCVE-0-2019-3862)
Vulnerability from cvelistv5 – Published: 2019-03-20 21:39 – Updated: 2024-08-04 19:19
VLAI?
Summary
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
Severity ?
7.3 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The libssh2 Project | libssh2 |
Affected:
1.8.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20190318 [SECURITY ADVISORIES] libssh2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/3"
},
{
"name": "20190319 [slackware-security] libssh2 (SSA:2019-077-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Mar/25"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.libssh2.org/CVE-2019-3862.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html"
},
{
"name": "107485",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107485"
},
{
"name": "FEDORA-2019-f31c14682f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1884",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1884"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libssh2",
"vendor": "The libssh2 Project",
"versions": [
{
"status": "affected",
"version": "1.8.1"
}
]
}
],
"datePublic": "2019-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-130",
"description": "CWE-130",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-15T19:15:26",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20190318 [SECURITY ADVISORIES] libssh2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/3"
},
{
"name": "20190319 [slackware-security] libssh2 (SSA:2019-077-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Mar/25"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.libssh2.org/CVE-2019-3862.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html"
},
{
"name": "107485",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107485"
},
{
"name": "FEDORA-2019-f31c14682f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1884",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1884"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libssh2",
"version": {
"version_data": [
{
"version_value": "1.8.1"
}
]
}
}
]
},
"vendor_name": "The libssh2 Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-130"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20190318 [SECURITY ADVISORIES] libssh2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/3"
},
{
"name": "20190319 [slackware-security] libssh2 (SSA:2019-077-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Mar/25"
},
{
"name": "https://www.libssh2.org/CVE-2019-3862.html",
"refsource": "MISC",
"url": "https://www.libssh2.org/CVE-2019-3862.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862"
},
{
"name": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html"
},
{
"name": "107485",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107485"
},
{
"name": "FEDORA-2019-f31c14682f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/"
},
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190327-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "openSUSE-SU-2019:1075",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1884",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1884"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3862",
"datePublished": "2019-03-20T21:39:52",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:19:18.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10065 (GCVE-0-2020-10065)
Vulnerability from cvelistv5 – Published: 2021-05-24 21:40 – Updated: 2024-09-16 22:09
VLAI?
Summary
Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c
Severity ?
CWE
- CWE-130 - Improper Handling of Length Parameter Inconsistency (CWE-130)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| zephyrproject-rtos | zephyr |
Affected:
v1.14.2 , < unspecified
(custom)
Affected: v2.2.0 , < unspecified (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v1.14.2",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.2.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions \u003e= v1.14.2, \u003e= v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-130",
"description": "Improper Handling of Length Parameter Inconsistency (CWE-130)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T21:40:23",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c"
]
},
"title": "Missing Size Checks in Bluetooth HCI over SPI",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-06-29T00:00:00.000Z",
"ID": "CVE-2020-10065",
"STATE": "PUBLIC",
"TITLE": "Missing Size Checks in Bluetooth HCI over SPI"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v1.14.2"
},
{
"version_affected": "\u003e=",
"version_value": "v2.2.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions \u003e= v1.14.2, \u003e= v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"environmentalScore": 3.8,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Handling of Length Parameter Inconsistency (CWE-130)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10065",
"datePublished": "2021-05-24T21:40:24.079319Z",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-09-16T22:09:54.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16224 (GCVE-0-2020-16224)
Vulnerability from cvelistv5 – Published: 2020-09-11 13:05 – Updated: 2024-08-04 13:37
VLAI?
Summary
In Patient Information Center iX (PICiX) Versions C.02, C.03, the
software parses a formatted message or structure but does not handle or
incorrectly handles a length field that is inconsistent with the actual
length of the associated data, causing the application on the
surveillance station to restart.
Severity ?
No CVSS data available.
CWE
- CWE-130 - Improper Handling of Length Parameter Inconsistency
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Philips | Patient Information Center iX (PICiX) |
Affected:
C.02
Affected: C.03 |
Credits
Julian Suleder, Nils Emmerich, Birk Kauer of ERNW Research GmbH, Dr. Oliver Matula of ERNW Enno, and Rey Netzwerke GmbH reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices), which reported these to Philips.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:53.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.philips.com/productsecurity"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Patient Information Center iX (PICiX)",
"vendor": "Philips ",
"versions": [
{
"status": "affected",
"version": "C.02"
},
{
"status": "affected",
"version": "C.03"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Julian Suleder, Nils Emmerich, Birk Kauer of ERNW Research GmbH, Dr. Oliver Matula of ERNW Enno, and Rey Netzwerke GmbH reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices), which reported these to Philips."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nIn Patient Information Center iX (PICiX) Versions C.02, C.03, the \nsoftware parses a formatted message or structure but does not handle or \nincorrectly handles a length field that is inconsistent with the actual \nlength of the associated data, causing the application on the \nsurveillance station to restart.\n\n\u003c/p\u003e"
}
],
"value": "In Patient Information Center iX (PICiX) Versions C.02, C.03, the \nsoftware parses a formatted message or structure but does not handle or \nincorrectly handles a length field that is inconsistent with the actual \nlength of the associated data, causing the application on the \nsurveillance station to restart.\n\n\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-130",
"description": "CWE-130 Improper Handling of Length Parameter Inconsistency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-12T20:55:58.162Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01"
},
{
"url": "https://www.philips.com/productsecurity"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\u003cp\u003ePhilips released the following versions to remediate reported vulnerabilities:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePatient Information Center iX (PICiX) Version C.03\u003c/li\u003e\n\u003cli\u003eCertificate revocation within the system was implemented for PIC iX.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "Philips released the following versions to remediate reported vulnerabilities:\n\n\n\n * Patient Information Center iX (PICiX) Version C.03\n\n * Certificate revocation within the system was implemented for PIC iX.\n\n\n\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Philips Patient Monitoring Devices Improper Handling of Length Parameter Inconsistency",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\u003cp\u003eAs a mitigation to these vulnerabilities, Philips recommends the following:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe Philips patient monitoring network is required to be physically \nor logically isolated from the hospital local area network (LAN). \nPhilips recommends using a firewall or routers that can implement access\n control lists restricting access in and out of the patient monitoring \nnetwork for only necessary ports and IP addresses. Refer to the Philips \nPatient Monitoring System Security for Clinical Networks guide for \nadditional information on \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://incenter.medical.philips.com/\"\u003eInCenter\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eBy default, the simple certificate enrollment protocol (SCEP) \nservice is not running. When needed, the service is configured to run \nbased on the duration or the number of certificates to be assigned. One \ncertificate is default, but if a certificate is not issued, the service \nwill continue to run. Limit exposure by ensuring the SCEP service is not\n running unless it is actively being used to enroll new devices.\u003c/li\u003e\n\u003cli\u003eWhen enrolling new devices using SCEP, enter a unique challenge password of 8-12 unpredictable and randomized digits.\u003c/li\u003e\n\u003cli\u003eImplement physical security controls to prevent unauthorized login \nattempts on the PIC iX application. Servers should be kept in controlled\n locked data centers. Access to equipment at nurses\u2019 stations should be \ncontrolled and monitored.\u003c/li\u003e\n\u003cli\u003eOnly grant remote access to PIC iX servers on a must-have basis.\u003c/li\u003e\n\u003cli\u003eGrant login privileges to the bedside monitor and PIC iX application\n on a role-based, least-privilege basis, and only to trusted users.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eUsers with questions regarding their specific Philips Patient \nInformation Center (PIC iX) and/or IntelliVue patient monitor \ninstallations and new release eligibility should contact their local \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\"\u003ePhilips service support team, or regional service support\u003c/a\u003e, or call 1-800-722-9377.\u003c/p\u003e\n\u003cp\u003ePlease see the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\"\u003ePhilips product security website\u003c/a\u003e for the Philips advisory and the latest security information for Philips products.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "As a mitigation to these vulnerabilities, Philips recommends the following:\n\n\n\n * The Philips patient monitoring network is required to be physically \nor logically isolated from the hospital local area network (LAN). \nPhilips recommends using a firewall or routers that can implement access\n control lists restricting access in and out of the patient monitoring \nnetwork for only necessary ports and IP addresses. Refer to the Philips \nPatient Monitoring System Security for Clinical Networks guide for \nadditional information on InCenter https://incenter.medical.philips.com/ .\n\n * By default, the simple certificate enrollment protocol (SCEP) \nservice is not running. When needed, the service is configured to run \nbased on the duration or the number of certificates to be assigned. One \ncertificate is default, but if a certificate is not issued, the service \nwill continue to run. Limit exposure by ensuring the SCEP service is not\n running unless it is actively being used to enroll new devices.\n\n * When enrolling new devices using SCEP, enter a unique challenge password of 8-12 unpredictable and randomized digits.\n\n * Implement physical security controls to prevent unauthorized login \nattempts on the PIC iX application. Servers should be kept in controlled\n locked data centers. Access to equipment at nurses\u2019 stations should be \ncontrolled and monitored.\n\n * Only grant remote access to PIC iX servers on a must-have basis.\n\n * Grant login privileges to the bedside monitor and PIC iX application\n on a role-based, least-privilege basis, and only to trusted users.\n\n\n\n\nUsers with questions regarding their specific Philips Patient \nInformation Center (PIC iX) and/or IntelliVue patient monitor \ninstallations and new release eligibility should contact their local Philips service support team, or regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions , or call 1-800-722-9377.\n\n\nPlease see the Philips product security website https://www.philips.com/productsecurity for the Philips advisory and the latest security information for Philips products.\n\n\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-16224",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Philips Patient Information Center iX (PICiX), PerformanceBridge Focal Point, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90, IntelliVue X3 and X2.",
"version": {
"version_data": [
{
"version_value": "Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software parses a formatted message or structure but does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data, causing the application on the surveillance station to restart."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER HANDLING OF LENGTH PARAMETER INCONSISTENCY CWE-130"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-16224",
"datePublished": "2020-09-11T13:05:19",
"dateReserved": "2020-07-31T00:00:00",
"dateUpdated": "2024-08-04T13:37:53.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8927 (GCVE-0-2020-8927)
Vulnerability from cvelistv5 – Published: 2020-09-15 09:15 – Updated: 2024-08-04 10:12
VLAI?
Summary
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
Severity ?
5.3 (Medium)
CWE
- CWE-130 - Improper Handling of Length Parameter Inconsistency
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Google LLC | Brotli |
Affected:
stable , ≤ 1.0.7
(custom)
|
Credits
Jay Lv <nengzhi.pnz@antgroup.com>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:12:11.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/google/brotli/releases/tag/v1.0.9"
},
{
"name": "openSUSE-SU-2020:1578",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html"
},
{
"name": "FEDORA-2020-22d278923a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/"
},
{
"name": "USN-4568-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4568-1/"
},
{
"name": "FEDORA-2020-c663fbc46c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/"
},
{
"name": "FEDORA-2020-e21bd401ad",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/"
},
{
"name": "FEDORA-2020-bc9a739f0c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/"
},
{
"name": "FEDORA-2020-9336b65f82",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/"
},
{
"name": "FEDORA-2020-c76a35b209",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/"
},
{
"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2476-1] brotli security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html"
},
{
"name": "DSA-4801",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4801"
},
{
"name": "FEDORA-2022-9e046f579a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/"
},
{
"name": "FEDORA-2022-5ecee47acb",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/"
},
{
"name": "FEDORA-2022-d28042f559",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brotli",
"vendor": "Google LLC",
"versions": [
{
"lessThanOrEqual": "1.0.7",
"status": "affected",
"version": "stable",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jay Lv \u003cnengzhi.pnz@antgroup.com\u003e"
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-130",
"description": "CWE-130 Improper Handling of Length Parameter Inconsistency ",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-27T04:06:10",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/google/brotli/releases/tag/v1.0.9"
},
{
"name": "openSUSE-SU-2020:1578",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html"
},
{
"name": "FEDORA-2020-22d278923a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/"
},
{
"name": "USN-4568-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4568-1/"
},
{
"name": "FEDORA-2020-c663fbc46c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/"
},
{
"name": "FEDORA-2020-e21bd401ad",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/"
},
{
"name": "FEDORA-2020-bc9a739f0c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/"
},
{
"name": "FEDORA-2020-9336b65f82",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/"
},
{
"name": "FEDORA-2020-c76a35b209",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/"
},
{
"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2476-1] brotli security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html"
},
{
"name": "DSA-4801",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4801"
},
{
"name": "FEDORA-2022-9e046f579a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/"
},
{
"name": "FEDORA-2022-5ecee47acb",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/"
},
{
"name": "FEDORA-2022-d28042f559",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Buffer overflow in Brotli library",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2020-8927",
"STATE": "PUBLIC",
"TITLE": "Buffer overflow in Brotli library"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brotli",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "stable",
"version_value": "1.0.7"
}
]
}
}
]
},
"vendor_name": "Google LLC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jay Lv \u003cnengzhi.pnz@antgroup.com\u003e"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-130 Improper Handling of Length Parameter Inconsistency "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/google/brotli/releases/tag/v1.0.9",
"refsource": "CONFIRM",
"url": "https://github.com/google/brotli/releases/tag/v1.0.9"
},
{
"name": "openSUSE-SU-2020:1578",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html"
},
{
"name": "FEDORA-2020-22d278923a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/"
},
{
"name": "USN-4568-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4568-1/"
},
{
"name": "FEDORA-2020-c663fbc46c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/"
},
{
"name": "FEDORA-2020-e21bd401ad",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/"
},
{
"name": "FEDORA-2020-bc9a739f0c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/"
},
{
"name": "FEDORA-2020-9336b65f82",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/"
},
{
"name": "FEDORA-2020-c76a35b209",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/"
},
{
"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2476-1] brotli security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html"
},
{
"name": "DSA-4801",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4801"
},
{
"name": "FEDORA-2022-9e046f579a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/"
},
{
"name": "FEDORA-2022-5ecee47acb",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/"
},
{
"name": "FEDORA-2022-d28042f559",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2020-8927",
"datePublished": "2020-09-15T09:15:12",
"dateReserved": "2020-02-12T00:00:00",
"dateUpdated": "2024-08-04T10:12:11.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20588 (GCVE-0-2021-20588)
Vulnerability from cvelistv5 – Published: 2021-02-19 19:58 – Updated: 2025-06-12 23:23
VLAI?
Summary
Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator versions 1.011M and prior, Data Transfer versions 3.44W and prior, EZSocket versions 5.4 and prior, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 versions 1.24A and prior, GT Designer3 Version1(GOT1000) versions 1.250L and prior, GT Designer3 Version1(GOT2000) versions 1.250L and prior, GT SoftGOT1000 Version3 versions 3.245F and prior, GT SoftGOT2000 Version1 versions 1.250L and prior, GX Configurator-DP versions 7.14Q and prior, GX Configurator-QP all versions, GX Developer versions 8.506C and prior, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer versions 1.115U and prior, GX RemoteService-I all versions, GX Works2 versions 1.597X and prior, GX Works3 versions 1.070Y and prior, iQ Monozukuri ANDON (Data Transfer) versions 1.003D and prior, iQ Monozukuri Process Remote Monitoring (Data Transfer) versions 1.002C and prior, M_CommDTM-HART all versions, M_CommDTM-IO-Link versions 1.03D and prior, MELFA-Works versions 4.4 and prior, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) versions 1.015R and prior, MELSOFT Navigator versions 2.74C and prior, MH11 SettingTool Version2 versions 2.004E and prior, MI Configurator versions 1.004E and prior, MT Works2 versions 1.167Z and prior, MX Component versions 5.001B and prior, Network Interface Board CC IE Control utility versions 1.29F and prior, Network Interface Board CC IE Field Utility versions 1.16S and prior, Network Interface Board CC-Link Ver.2 Utility versions 1.23Z and prior, Network Interface Board MNETH utility versions 34L and prior, PX Developer versions 1.53F and prior, RT ToolBox2 versions 3.73B and prior, RT ToolBox3 versions 1.82L and prior, Setting/monitoring tools for the C Controller module (SW4PVC-CCPU) versions 4.12N and prior, and SLMP Data Collector versions 1.04E and prior) allows a remote unauthenticated attacker to cause a DoS condition on the software products, and possibly to execute a malicious code on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets.
Severity ?
7.5 (High)
CWE
- CWE-130 - Improper Handling of Length Parameter Inconsistency
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Mitsubishi Electric Corporation | CPU Module Logging Configuration Tool |
Affected:
1.112R and prior
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-021_en.pdf"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU92330101/index.html"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-049-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPU Module Logging Configuration Tool",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.112R and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CW Configurator",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.011M and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Data Transfer",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "3.44W and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EZSocket",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "5.4 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FR Configurator",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FR Configurator SW3",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FR Configurator2",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.24A and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GT Designer3 Version1(GOT1000)",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.250L and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GT Designer3 Version1(GOT2000)",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.250L and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GT SoftGOT1000 Version3",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "3.245F and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GT SoftGOT2000 Version1",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.250L and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GX Configurator-DP",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "7.14Q and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GX Configurator-QP",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GX Developer",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "8.506C and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GX Explorer",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GX IEC Developer",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GX LogViewer",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.115U and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GX RemoteService-I",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GX Works2",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.597X and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GX Works3",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.070Y and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "iQ Monozukuri ANDON (Data Transfer)",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.003D and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "iQ Monozukuri Process Remote Monitoring (Data Transfer)",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.002C and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "M_CommDTM-HART",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "M_CommDTM-IO-Link",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.03D and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELFA-Works",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "4.4 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC WinCPU Setting Utility",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSOFT EM Software Development Kit (EM Configurator)",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.015R and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSOFT Navigator",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "2.74C and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MH11 SettingTool Version2",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "2.004E and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MI Configurator",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.004E and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MT Works2",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.167Z and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX Component",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "5.001B and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Network Interface Board CC IE Control utility",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.29F and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Network Interface Board CC IE Field Utility",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.16S and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Network Interface Board CC-Link Ver.2 Utility",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.23Z and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Network Interface Board MNETH utility",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "34L and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PX Developer",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.53F and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT ToolBox2",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "3.73B and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT ToolBox3",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.82L and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Setting/monitoring tools for the C Controller module (SW4PVC-CCPU)",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "4.12N and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SLMP Data Collector",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.04E and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator versions 1.011M and prior, Data Transfer versions 3.44W and prior, EZSocket versions 5.4 and prior, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 versions 1.24A and prior, GT Designer3 Version1(GOT1000) versions 1.250L and prior, GT Designer3 Version1(GOT2000) versions 1.250L and prior, GT SoftGOT1000 Version3 versions 3.245F and prior, GT SoftGOT2000 Version1 versions 1.250L and prior, GX Configurator-DP versions 7.14Q and prior, GX Configurator-QP all versions, GX Developer versions 8.506C and prior, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer versions 1.115U and prior, GX RemoteService-I all versions, GX Works2 versions 1.597X and prior, GX Works3 versions 1.070Y and prior, iQ Monozukuri ANDON (Data Transfer) versions 1.003D and prior, iQ Monozukuri Process Remote Monitoring (Data Transfer) versions 1.002C and prior, M_CommDTM-HART all versions, M_CommDTM-IO-Link versions 1.03D and prior, MELFA-Works versions 4.4 and prior, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) versions 1.015R and prior, MELSOFT Navigator versions 2.74C and prior, MH11 SettingTool Version2 versions 2.004E and prior, MI Configurator versions 1.004E and prior, MT Works2 versions 1.167Z and prior, MX Component versions 5.001B and prior, Network Interface Board CC IE Control utility versions 1.29F and prior, Network Interface Board CC IE Field Utility versions 1.16S and prior, Network Interface Board CC-Link Ver.2 Utility versions 1.23Z and prior, Network Interface Board MNETH utility versions 34L and prior, PX Developer versions 1.53F and prior, RT ToolBox2 versions 3.73B and prior, RT ToolBox3 versions 1.82L and prior, Setting/monitoring tools for the C Controller module (SW4PVC-CCPU) versions 4.12N and prior, and SLMP Data Collector versions 1.04E and prior) allows a remote unauthenticated attacker to cause a DoS condition on the software products, and possibly to execute a malicious code on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets."
}
],
"value": "Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator versions 1.011M and prior, Data Transfer versions 3.44W and prior, EZSocket versions 5.4 and prior, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 versions 1.24A and prior, GT Designer3 Version1(GOT1000) versions 1.250L and prior, GT Designer3 Version1(GOT2000) versions 1.250L and prior, GT SoftGOT1000 Version3 versions 3.245F and prior, GT SoftGOT2000 Version1 versions 1.250L and prior, GX Configurator-DP versions 7.14Q and prior, GX Configurator-QP all versions, GX Developer versions 8.506C and prior, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer versions 1.115U and prior, GX RemoteService-I all versions, GX Works2 versions 1.597X and prior, GX Works3 versions 1.070Y and prior, iQ Monozukuri ANDON (Data Transfer) versions 1.003D and prior, iQ Monozukuri Process Remote Monitoring (Data Transfer) versions 1.002C and prior, M_CommDTM-HART all versions, M_CommDTM-IO-Link versions 1.03D and prior, MELFA-Works versions 4.4 and prior, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) versions 1.015R and prior, MELSOFT Navigator versions 2.74C and prior, MH11 SettingTool Version2 versions 2.004E and prior, MI Configurator versions 1.004E and prior, MT Works2 versions 1.167Z and prior, MX Component versions 5.001B and prior, Network Interface Board CC IE Control utility versions 1.29F and prior, Network Interface Board CC IE Field Utility versions 1.16S and prior, Network Interface Board CC-Link Ver.2 Utility versions 1.23Z and prior, Network Interface Board MNETH utility versions 34L and prior, PX Developer versions 1.53F and prior, RT ToolBox2 versions 3.73B and prior, RT ToolBox3 versions 1.82L and prior, Setting/monitoring tools for the C Controller module (SW4PVC-CCPU) versions 4.12N and prior, and SLMP Data Collector versions 1.04E and prior) allows a remote unauthenticated attacker to cause a DoS condition on the software products, and possibly to execute a malicious code on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial-of-Service"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-130",
"description": "CWE-130 Improper Handling of Length Parameter Inconsistency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T23:23:49.362Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2020-021_en.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://jvn.jp/vu/JVNVU92330101"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-049-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2021-20588",
"datePublished": "2021-02-19T19:58:29.101118Z",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2025-06-12T23:23:49.362Z",
"serial": 1,
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20610 (GCVE-0-2021-20610)
Vulnerability from cvelistv5 – Published: 2021-12-01 15:41 – Updated: 2024-08-03 17:45
VLAI?
Summary
Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.
Severity ?
7.5 (High)
CWE
- CWE-130 - Improper Handling of Length Parameter Inconsistency
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Mitsubishi Electric Corporation | MELSEC iQ-R Series R00CPU |
Affected:
Firmware versions "24" and prior
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU94434051/index.html"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R00CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Firmware versions \"24\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R01CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Firmware versions \"24\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R02CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Firmware versions \"24\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R04CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Firmware versions \"57\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R08CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Firmware versions \"57\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R16CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Firmware versions \"57\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R32CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Firmware versions \"57\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R120CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Firmware versions \"57\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R04ENCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Firmware versions \"57\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R08ENCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Firmware versions \"57\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R16ENCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Firmware versions \"57\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R32ENCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Firmware versions \"57\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R120ENCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Firmware versions \"57\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R08SFCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Firmware versions \"26\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R16SFCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Firmware versions \"26\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R32SFCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Firmware versions \"26\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R120SFCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Firmware versions \"26\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R08PCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Firmware versions \"29\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R16PCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Firmware versions \"29\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R32PCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Firmware versions \"29\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R120PCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Firmware versions \"29\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R08PSFCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Firmware versions \"08\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R16PSFCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Firmware versions \"08\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R32PSFCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Firmware versions \"08\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R120PSFCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Firmware versions \"08\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R16MTCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Operating system software version \"23\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R32MTCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Operating system software version \"23\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R64MTCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Operating system software version \"23\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R12CCPU-V",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Firmware versions \"16\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC Q Series Q03UDECPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"23121\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC Q Series Q04UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"23121\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC Q Series Q06UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"23121\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC Q Series Q10UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"23121\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC Q Series Q13UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"23121\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC Q Series Q20UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"23121\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC Q Series Q26UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"23121\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC Q Series Q50UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"23121\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC Q Series Q100UDEHCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"23121\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC Q Series Q03UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"23071\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC Q Series Q04UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"23071\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC Q Series Q06UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"23071\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC Q Series Q13UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"23071\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC Q Series Q26UDVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"23071\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC Q Series Q04UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"23071\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC Q Series Q06UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"23071\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC Q Series Q13UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"23071\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC Q Series Q26UDPVCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"23071\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC Q Series Q12DCCPU-V",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"24031\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC Q Series Q24DHCCPU-V ",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"24031\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC Q Series Q24DHCCPU-VG",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"24031\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC Q Series Q24DHCCPU-LS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"24031\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC Q Series Q26DHCCPU-LS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"24031\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC Q Series MR-MQ100",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Operating system software version \"F\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC Q Series Q172DCPU-S1",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Operating system software version \"W\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC Q Series Q173DCPU-S1",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Operating system software version \"W\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC Q Series Q172DSCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Operating system software version \"Y\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC Q Series Q173DSCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Operating system software version \"Y\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC Q Series Q170MCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Operating system software version \"W\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC Q Series Q170MSCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Operating system software version \"Y\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC Q Series Q170MSCPU-S1",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Operating system software version \"Y\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC L Series L02CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"23121\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC L Series L06CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"23121\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC L Series L26CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"23121\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC L Series L02CPU-P",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"23121\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC L Series L06CPU-P",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"23121\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC L Series L26CPU-P",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"23121\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC L Series L26CPU-BT",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"23121\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC L Series L26CPU-PBT",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "The first 5 digits of serial No. \"23121\" and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELIPC Series MI5122-VW",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Firmware versions \"05\" and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery."
}
],
"value": "Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial of Service"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-130",
"description": "CWE-130 Improper Handling of Length Parameter Inconsistency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-09T08:23:03.802Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://jvn.jp/vu/JVNVU94434051/index.html"
},
{
"tags": [
"government-resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2021-20610",
"datePublished": "2021-12-01T15:41:25",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:44.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26329 (GCVE-0-2021-26329)
Vulnerability from cvelistv5 – Published: 2021-11-16 17:57 – Updated: 2024-09-16 22:24
VLAI?
Summary
AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources.
Severity ?
No CVSS data available.
CWE
- CWE-130 - Improper Handling of Length Parameter Inconsistency
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | 1st Gen AMD EPYC™ |
Affected:
unspecified , < NaplesPI-SP3_1.0.0.G
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "1st Gen AMD EPYC\u2122",
"vendor": "AMD",
"versions": [
{
"lessThan": "NaplesPI-SP3_1.0.0.G",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "2nd Gen AMD EPYC\u2122",
"vendor": "AMD",
"versions": [
{
"lessThan": "RomePI-SP3_1.0.0.C",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "3rd Gen AMD EPYC\u2122",
"vendor": "AMD",
"versions": [
{
"lessThan": "MilanPI-SP3_1.0.0.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-130",
"description": "CWE-130 Improper Handling of Length Parameter Inconsistency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-16T17:57:01",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
],
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2021-26329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1st Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "NaplesPI-SP3_1.0.0.G"
}
]
}
},
{
"product_name": "2nd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "RomePI-SP3_1.0.0.C"
}
]
}
},
{
"product_name": "3rd Gen AMD EPYC\u2122",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "MilanPI-SP3_1.0.0.4"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-130 Improper Handling of Length Parameter Inconsistency"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
}
]
},
"source": {
"advisory": "AMD-SB-1021",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26329",
"datePublished": "2021-11-16T17:57:01.031900Z",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-09-16T22:24:45.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27861 (GCVE-0-2021-27861)
Vulnerability from cvelistv5 – Published: 2022-09-27 18:40 – Updated: 2025-11-04 19:12
VLAI?
Summary
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)
Severity ?
4.7 (Medium)
Assigner
References
Impacted products
Credits
Etienne Champetier (@champtar) <champetier.etienne@gmail.com>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:27.712Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/"
},
{
"tags": [
"x_transferred"
],
"url": "https://standards.ieee.org/ieee/802.2/1048/"
},
{
"tags": [
"x_transferred"
],
"url": "https://standards.ieee.org/ieee/802.1Q/10323/"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/855201"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.champtar.fr/VLAN0_LLC_SNAP/"
},
{
"url": "https://www.kb.cert.org/vuls/id/855201"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-27861",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T15:06:05.203947Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T15:06:11.048Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "802.2",
"vendor": "IEEE",
"versions": [
{
"lessThanOrEqual": "802.2h-1997",
"status": "affected",
"version": "802.2h-1997",
"versionType": "custom"
}
]
},
{
"product": "draft-ietf-v6ops-ra-guard",
"vendor": "IETF",
"versions": [
{
"lessThanOrEqual": "08",
"status": "affected",
"version": "08",
"versionType": "custom"
}
]
},
{
"product": "P802.1Q",
"vendor": "IETF",
"versions": [
{
"lessThanOrEqual": "D1.0",
"status": "affected",
"version": "D1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Etienne Champetier (@champtar) \u003cchampetier.etienne@gmail.com\u003e"
}
],
"datePublic": "2022-09-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-130",
"description": "CWE-130 Improper Handling of Length Parameter",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-12T00:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/"
},
{
"url": "https://standards.ieee.org/ieee/802.2/1048/"
},
{
"url": "https://standards.ieee.org/ieee/802.1Q/10323/"
},
{
"url": "https://kb.cert.org/vuls/id/855201"
},
{
"url": "https://blog.champtar.fr/VLAN0_LLC_SNAP/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "L2 network filtering bypass using stacked VLAN0 and LLC/SNAP headers with invalid lengths"
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2021-27861",
"datePublished": "2022-09-27T18:40:13.742Z",
"dateReserved": "2021-03-01T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:27.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Implementation
Description:
- When processing structured incoming data containing a size field followed by raw data, ensure that you identify and resolve any inconsistencies between the size field and the actual size of the data.
Mitigation
Phase: Implementation
Description:
- Do not let the user control the size of the buffer.
Mitigation
Phase: Implementation
Description:
- Validate that the length of the user-supplied data is consistent with the buffer size.
CAPEC-47: Buffer Overflow via Parameter Expansion
In this attack, the target software is given input that the adversary knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.