Common Weakness Enumeration

CWE-122

Allowed

Heap-based Buffer Overflow

Abstraction: Variant · Status: Draft

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

4096 vulnerabilities reference this CWE, most recent first.

CVE-2024-20508 (GCVE-0-2024-20508)

Vulnerability from cvelistv5 – Published: 2024-09-25 16:19 – Updated: 2024-11-12 15:03
VLAI
Title
Cisco UTD Snort IPS Engine Software for Cisco IOS XE Software Security Policy Bypass and Denial of Service Vulnerability
Summary
A vulnerability in Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security policies or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of HTTP requests when they are processed by Cisco UTD Snort IPS Engine. An attacker could exploit this vulnerability by sending a crafted HTTP request through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process. If the action in case of Cisco UTD Snort IPS Engine failure is set to the default, fail-open, successful exploitation of this vulnerability could allow the attacker to bypass configured security policies. If the action in case of Cisco UTD Snort IPS Engine failure is set to fail-close, successful exploitation of this vulnerability could cause traffic that is configured to be inspected by Cisco UTD Snort IPS Engine to be dropped.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
Cisco Cisco UTD SNORT IPS Engine Software Affected: 17.12.1a
Affected: 17.12.2
Affected: 17.13.1a
Affected: 17.12.3
Affected: 17.12.3a
Affected: 17.15.1a
Affected: 17.9.5a
Affected: 17.6.1a
Affected: 17.8.1a
Affected: 17.6.2
Affected: 17.7.2
Affected: 17.12.4
Affected: 17.14.1a
Affected: 17.11.1a
Affected: 17.7.1a
Affected: 17.6.6
Create a notification for this product.
cisco cisco_utd_snort_ips_engine_software Affected: 17.12.1a
Affected: 17.12.2
Affected: 17.13.1a
Affected: 17.12.3
Affected: 17.12.3a
Affected: 17.15.1a
Affected: 17.9.5a
Affected: 17.6.1a
Affected: 17.8.1a
Affected: 17.6.2
Affected: 17.7.2
Affected: 17.12.4
Affected: 17.14.1a
Affected: 17.11.1a
Affected: 17.7.1a
Affected: 17.6.6
    cpe:2.3:a:cisco:cisco_utd_snort_ips_engine_software:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:cisco_utd_snort_ips_engine_software:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cisco_utd_snort_ips_engine_software",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "17.12.1a"
              },
              {
                "status": "affected",
                "version": "17.12.2"
              },
              {
                "status": "affected",
                "version": "17.13.1a"
              },
              {
                "status": "affected",
                "version": "17.12.3"
              },
              {
                "status": "affected",
                "version": "17.12.3a"
              },
              {
                "status": "affected",
                "version": "17.15.1a"
              },
              {
                "status": "affected",
                "version": "17.9.5a"
              },
              {
                "status": "affected",
                "version": "17.6.1a"
              },
              {
                "status": "affected",
                "version": "17.8.1a"
              },
              {
                "status": "affected",
                "version": "17.6.2"
              },
              {
                "status": "affected",
                "version": "17.7.2"
              },
              {
                "status": "affected",
                "version": "17.12.4"
              },
              {
                "status": "affected",
                "version": "17.14.1a"
              },
              {
                "status": "affected",
                "version": "17.11.1a"
              },
              {
                "status": "affected",
                "version": "17.7.1a"
              },
              {
                "status": "affected",
                "version": "17.6.6"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20508",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-25T18:37:27.398761Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-12T15:03:36.564Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco UTD SNORT IPS Engine Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "17.12.1a"
            },
            {
              "status": "affected",
              "version": "17.12.2"
            },
            {
              "status": "affected",
              "version": "17.13.1a"
            },
            {
              "status": "affected",
              "version": "17.12.3"
            },
            {
              "status": "affected",
              "version": "17.12.3a"
            },
            {
              "status": "affected",
              "version": "17.15.1a"
            },
            {
              "status": "affected",
              "version": "17.9.5a"
            },
            {
              "status": "affected",
              "version": "17.6.1a"
            },
            {
              "status": "affected",
              "version": "17.8.1a"
            },
            {
              "status": "affected",
              "version": "17.6.2"
            },
            {
              "status": "affected",
              "version": "17.7.2"
            },
            {
              "status": "affected",
              "version": "17.12.4"
            },
            {
              "status": "affected",
              "version": "17.14.1a"
            },
            {
              "status": "affected",
              "version": "17.11.1a"
            },
            {
              "status": "affected",
              "version": "17.7.1a"
            },
            {
              "status": "affected",
              "version": "17.6.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security policies or cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of HTTP requests when they are processed by Cisco UTD Snort IPS Engine. An attacker could exploit this vulnerability by sending a crafted HTTP request through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process.  If the action in case of Cisco UTD Snort IPS Engine failure is set to the default, fail-open, successful exploitation of this vulnerability could allow the attacker to bypass configured security policies. If the action in case of Cisco UTD Snort IPS Engine failure is set to fail-close, successful exploitation of this vulnerability could cause traffic that is configured to be inspected by Cisco UTD Snort IPS Engine to be dropped."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap-based Buffer Overflow",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-25T16:19:39.387Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-utd-snort3-dos-bypas-b4OUEwxD",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-utd-snort3-dos-bypas-b4OUEwxD"
        }
      ],
      "source": {
        "advisory": "cisco-sa-utd-snort3-dos-bypas-b4OUEwxD",
        "defects": [
          "CSCwj21273"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco UTD Snort IPS Engine Software for Cisco IOS XE Software Security Policy Bypass and Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20508",
    "datePublished": "2024-09-25T16:19:39.387Z",
    "dateReserved": "2023-11-08T15:08:07.688Z",
    "dateUpdated": "2024-11-12T15:03:36.564Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-20259 (GCVE-0-2024-20259)

Vulnerability from cvelistv5 – Published: 2024-03-27 16:53 – Updated: 2024-08-27 21:04
VLAI
Summary
A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a crafted IPv4 DHCP request packet being mishandled when endpoint analytics are enabled. An attacker could exploit this vulnerability by sending a crafted DHCP request through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: The attack vector is listed as network because a DHCP relay anywhere on the network could allow exploits from networks other than the adjacent one.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
Cisco Cisco IOS XE Software Affected: 17.1.1
Affected: 17.1.1a
Affected: 17.1.1s
Affected: 17.1.1t
Affected: 17.1.3
Affected: 17.2.1
Affected: 17.2.1r
Affected: 17.2.1a
Affected: 17.2.1v
Affected: 17.2.2
Affected: 17.2.3
Affected: 17.3.1
Affected: 17.3.2
Affected: 17.3.3
Affected: 17.3.1a
Affected: 17.3.1w
Affected: 17.3.2a
Affected: 17.3.1x
Affected: 17.3.1z
Affected: 17.3.4
Affected: 17.3.5
Affected: 17.3.4a
Affected: 17.3.6
Affected: 17.3.4b
Affected: 17.3.4c
Affected: 17.3.5a
Affected: 17.3.5b
Affected: 17.3.7
Affected: 17.3.8
Affected: 17.3.8a
Affected: 17.4.1
Affected: 17.4.2
Affected: 17.4.1a
Affected: 17.4.1b
Affected: 17.4.2a
Affected: 17.5.1
Affected: 17.5.1a
Affected: 17.6.1
Affected: 17.6.2
Affected: 17.6.1w
Affected: 17.6.1a
Affected: 17.6.1x
Affected: 17.6.3
Affected: 17.6.1y
Affected: 17.6.1z
Affected: 17.6.3a
Affected: 17.6.4
Affected: 17.6.1z1
Affected: 17.6.5
Affected: 17.6.6
Affected: 17.6.6a
Affected: 17.6.5a
Affected: 17.7.1
Affected: 17.7.1a
Affected: 17.7.1b
Affected: 17.7.2
Affected: 17.10.1
Affected: 17.10.1a
Affected: 17.10.1b
Affected: 17.8.1
Affected: 17.8.1a
Affected: 17.9.1
Affected: 17.9.1w
Affected: 17.9.2
Affected: 17.9.1a
Affected: 17.9.1x
Affected: 17.9.1y
Affected: 17.9.3
Affected: 17.9.2a
Affected: 17.9.1x1
Affected: 17.9.3a
Affected: 17.9.4
Affected: 17.9.1y1
Affected: 17.9.4a
Affected: 17.11.1
Affected: 17.11.1a
Affected: 17.12.1
Affected: 17.12.1w
Affected: 17.12.1a
Affected: 17.11.99SW
Create a notification for this product.
cisco ios_xe Affected: 17.1.1
Affected: 17.1.1a
Affected: 17.1.1s
Affected: 17.1.1t
Affected: 17.1.3
Affected: 17.2.1
Affected: 17.2.1r
Affected: 17.2.1a
Affected: 17.2.1v
Affected: 17.2.2
Affected: 17.2.3
Affected: 17.3.1
Affected: 17.3.2
Affected: 17.3.3
Affected: 17.3.1a
Affected: 17.3.1w
Affected: 17.3.2a
Affected: 17.3.1x
Affected: 17.3.1z
Affected: 17.3.4
Affected: 17.3.5
Affected: 17.3.4a
Affected: 17.3.6
Affected: 17.3.4b
Affected: 17.3.4c
Affected: 17.3.5a
Affected: 17.3.5b
Affected: 17.3.7
Affected: 17.3.8
Affected: 17.3.8a
Affected: 17.4.1
Affected: 17.4.2
Affected: 17.4.1a
Affected: 17.4.1b
Affected: 17.4.2a
Affected: 17.5.1
Affected: 17.5.1a
Affected: 17.6.1
Affected: 17.6.2
Affected: 17.6.1w
Affected: 17.6.1a
Affected: 17.6.1x
Affected: 17.6.3
Affected: 17.6.1y
Affected: 17.6.1z
Affected: 17.6.3a
Affected: 17.6.4
Affected: 17.6.1z1
Affected: 17.6.5
Affected: 17.6.6
Affected: 17.6.6a
Affected: 17.6.5a
Affected: 17.7.1
Affected: 17.7.1a
Affected: 17.7.1b
Affected: 17.7.2
Affected: 17.10.1
Affected: 17.10.1a
Affected: 17.10.1b
Affected: 17.8.1
Affected: 17.8.1a
Affected: 17.9.1
Affected: 17.9.1w
Affected: 17.9.2
Affected: 17.9.1a
Affected: 17.9.1x
Affected: 17.9.1y
Affected: 17.9.3
Affected: 17.9.2a
Affected: 17.9.1x1
Affected: 17.9.3a
Affected: 17.9.4
Affected: 17.9.1y1
Affected: 17.9.4a
Affected: 17.11.1
Affected: 17.11.1a
Affected: 17.12.1
Affected: 17.12.1w
Affected: 17.12.1a
Affected: 17.11.99sw
    cpe:2.3:o:cisco:ios_xe:17.1.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.1.1a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.1.1s:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.1.1t:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.1.3:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.2.1r:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.2.1a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.2.1v:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.2:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.3:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.1a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.1w:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.2a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.1x:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.1z:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.4:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.5:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.4a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.6:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.4b:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.4c:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.5a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.5b:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.7:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.8:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.8a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.4.1a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.4.1b:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.4.2a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.5.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.5.1a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.6.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.6.2:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.6.1w:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.6.1a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.6.1x:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.6.3:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.6.1y:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.6.1z:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.6.3a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.6.4:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.6.1z1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.6.5:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.6.6:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.6.6a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.6.5a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.7.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.7.1a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.7.1b:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.7.2:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.10.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.10.1a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.10.1b:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.8.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.8.1a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.9.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.9.1w:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.9.2:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.9.1a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.9.1x:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.9.1y:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.9.3:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.9.2a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.9.1x1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.9.3a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.9.4:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.9.1y1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.9.4a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.11.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.11.1a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.12.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.12.1w:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.12.1a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.11.99sw:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:52:31.719Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-dhcp-dos-T3CXPO9z",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dhcp-dos-T3CXPO9z"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:cisco:ios_xe:17.1.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.1.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.1.1s:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.1.1t:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.1.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.2.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.2.1r:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.2.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.2.1v:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.2.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.2.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.1w:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.2a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.1x:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.1z:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.4:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.5:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.4a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.6:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.4b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.4c:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.5a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.5b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.7:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.8:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.8a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.4.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.4.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.4.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.4.1b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.4.2a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.5.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.5.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.1w:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.1x:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.1y:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.1z:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.3a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.4:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.1z1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.5:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.6:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.6a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.5a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.7.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.7.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.7.1b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.7.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.10.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.10.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.10.1b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.8.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.8.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.1w:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.1x:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.1y:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.2a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.1x1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.3a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.4:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.1y1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.4a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.11.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.11.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.12.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.12.1w:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.12.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.11.99sw:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ios_xe",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "17.1.1"
              },
              {
                "status": "affected",
                "version": "17.1.1a"
              },
              {
                "status": "affected",
                "version": "17.1.1s"
              },
              {
                "status": "affected",
                "version": "17.1.1t"
              },
              {
                "status": "affected",
                "version": "17.1.3"
              },
              {
                "status": "affected",
                "version": "17.2.1"
              },
              {
                "status": "affected",
                "version": "17.2.1r"
              },
              {
                "status": "affected",
                "version": "17.2.1a"
              },
              {
                "status": "affected",
                "version": "17.2.1v"
              },
              {
                "status": "affected",
                "version": "17.2.2"
              },
              {
                "status": "affected",
                "version": "17.2.3"
              },
              {
                "status": "affected",
                "version": "17.3.1"
              },
              {
                "status": "affected",
                "version": "17.3.2"
              },
              {
                "status": "affected",
                "version": "17.3.3"
              },
              {
                "status": "affected",
                "version": "17.3.1a"
              },
              {
                "status": "affected",
                "version": "17.3.1w"
              },
              {
                "status": "affected",
                "version": "17.3.2a"
              },
              {
                "status": "affected",
                "version": "17.3.1x"
              },
              {
                "status": "affected",
                "version": "17.3.1z"
              },
              {
                "status": "affected",
                "version": "17.3.4"
              },
              {
                "status": "affected",
                "version": "17.3.5"
              },
              {
                "status": "affected",
                "version": "17.3.4a"
              },
              {
                "status": "affected",
                "version": "17.3.6"
              },
              {
                "status": "affected",
                "version": "17.3.4b"
              },
              {
                "status": "affected",
                "version": "17.3.4c"
              },
              {
                "status": "affected",
                "version": "17.3.5a"
              },
              {
                "status": "affected",
                "version": "17.3.5b"
              },
              {
                "status": "affected",
                "version": "17.3.7"
              },
              {
                "status": "affected",
                "version": "17.3.8"
              },
              {
                "status": "affected",
                "version": "17.3.8a"
              },
              {
                "status": "affected",
                "version": "17.4.1"
              },
              {
                "status": "affected",
                "version": "17.4.2"
              },
              {
                "status": "affected",
                "version": "17.4.1a"
              },
              {
                "status": "affected",
                "version": "17.4.1b"
              },
              {
                "status": "affected",
                "version": "17.4.2a"
              },
              {
                "status": "affected",
                "version": "17.5.1"
              },
              {
                "status": "affected",
                "version": "17.5.1a"
              },
              {
                "status": "affected",
                "version": "17.6.1"
              },
              {
                "status": "affected",
                "version": "17.6.2"
              },
              {
                "status": "affected",
                "version": "17.6.1w"
              },
              {
                "status": "affected",
                "version": "17.6.1a"
              },
              {
                "status": "affected",
                "version": "17.6.1x"
              },
              {
                "status": "affected",
                "version": "17.6.3"
              },
              {
                "status": "affected",
                "version": "17.6.1y"
              },
              {
                "status": "affected",
                "version": "17.6.1z"
              },
              {
                "status": "affected",
                "version": "17.6.3a"
              },
              {
                "status": "affected",
                "version": "17.6.4"
              },
              {
                "status": "affected",
                "version": "17.6.1z1"
              },
              {
                "status": "affected",
                "version": "17.6.5"
              },
              {
                "status": "affected",
                "version": "17.6.6"
              },
              {
                "status": "affected",
                "version": "17.6.6a"
              },
              {
                "status": "affected",
                "version": "17.6.5a"
              },
              {
                "status": "affected",
                "version": "17.7.1"
              },
              {
                "status": "affected",
                "version": "17.7.1a"
              },
              {
                "status": "affected",
                "version": "17.7.1b"
              },
              {
                "status": "affected",
                "version": "17.7.2"
              },
              {
                "status": "affected",
                "version": "17.10.1"
              },
              {
                "status": "affected",
                "version": "17.10.1a"
              },
              {
                "status": "affected",
                "version": "17.10.1b"
              },
              {
                "status": "affected",
                "version": "17.8.1"
              },
              {
                "status": "affected",
                "version": "17.8.1a"
              },
              {
                "status": "affected",
                "version": "17.9.1"
              },
              {
                "status": "affected",
                "version": "17.9.1w"
              },
              {
                "status": "affected",
                "version": "17.9.2"
              },
              {
                "status": "affected",
                "version": "17.9.1a"
              },
              {
                "status": "affected",
                "version": "17.9.1x"
              },
              {
                "status": "affected",
                "version": "17.9.1y"
              },
              {
                "status": "affected",
                "version": "17.9.3"
              },
              {
                "status": "affected",
                "version": "17.9.2a"
              },
              {
                "status": "affected",
                "version": "17.9.1x1"
              },
              {
                "status": "affected",
                "version": "17.9.3a"
              },
              {
                "status": "affected",
                "version": "17.9.4"
              },
              {
                "status": "affected",
                "version": "17.9.1y1"
              },
              {
                "status": "affected",
                "version": "17.9.4a"
              },
              {
                "status": "affected",
                "version": "17.11.1"
              },
              {
                "status": "affected",
                "version": "17.11.1a"
              },
              {
                "status": "affected",
                "version": "17.12.1"
              },
              {
                "status": "affected",
                "version": "17.12.1w"
              },
              {
                "status": "affected",
                "version": "17.12.1a"
              },
              {
                "status": "affected",
                "version": "17.11.99sw"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20259",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-28T18:18:28.297611Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-27T21:04:37.666Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS XE Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "17.1.1"
            },
            {
              "status": "affected",
              "version": "17.1.1a"
            },
            {
              "status": "affected",
              "version": "17.1.1s"
            },
            {
              "status": "affected",
              "version": "17.1.1t"
            },
            {
              "status": "affected",
              "version": "17.1.3"
            },
            {
              "status": "affected",
              "version": "17.2.1"
            },
            {
              "status": "affected",
              "version": "17.2.1r"
            },
            {
              "status": "affected",
              "version": "17.2.1a"
            },
            {
              "status": "affected",
              "version": "17.2.1v"
            },
            {
              "status": "affected",
              "version": "17.2.2"
            },
            {
              "status": "affected",
              "version": "17.2.3"
            },
            {
              "status": "affected",
              "version": "17.3.1"
            },
            {
              "status": "affected",
              "version": "17.3.2"
            },
            {
              "status": "affected",
              "version": "17.3.3"
            },
            {
              "status": "affected",
              "version": "17.3.1a"
            },
            {
              "status": "affected",
              "version": "17.3.1w"
            },
            {
              "status": "affected",
              "version": "17.3.2a"
            },
            {
              "status": "affected",
              "version": "17.3.1x"
            },
            {
              "status": "affected",
              "version": "17.3.1z"
            },
            {
              "status": "affected",
              "version": "17.3.4"
            },
            {
              "status": "affected",
              "version": "17.3.5"
            },
            {
              "status": "affected",
              "version": "17.3.4a"
            },
            {
              "status": "affected",
              "version": "17.3.6"
            },
            {
              "status": "affected",
              "version": "17.3.4b"
            },
            {
              "status": "affected",
              "version": "17.3.4c"
            },
            {
              "status": "affected",
              "version": "17.3.5a"
            },
            {
              "status": "affected",
              "version": "17.3.5b"
            },
            {
              "status": "affected",
              "version": "17.3.7"
            },
            {
              "status": "affected",
              "version": "17.3.8"
            },
            {
              "status": "affected",
              "version": "17.3.8a"
            },
            {
              "status": "affected",
              "version": "17.4.1"
            },
            {
              "status": "affected",
              "version": "17.4.2"
            },
            {
              "status": "affected",
              "version": "17.4.1a"
            },
            {
              "status": "affected",
              "version": "17.4.1b"
            },
            {
              "status": "affected",
              "version": "17.4.2a"
            },
            {
              "status": "affected",
              "version": "17.5.1"
            },
            {
              "status": "affected",
              "version": "17.5.1a"
            },
            {
              "status": "affected",
              "version": "17.6.1"
            },
            {
              "status": "affected",
              "version": "17.6.2"
            },
            {
              "status": "affected",
              "version": "17.6.1w"
            },
            {
              "status": "affected",
              "version": "17.6.1a"
            },
            {
              "status": "affected",
              "version": "17.6.1x"
            },
            {
              "status": "affected",
              "version": "17.6.3"
            },
            {
              "status": "affected",
              "version": "17.6.1y"
            },
            {
              "status": "affected",
              "version": "17.6.1z"
            },
            {
              "status": "affected",
              "version": "17.6.3a"
            },
            {
              "status": "affected",
              "version": "17.6.4"
            },
            {
              "status": "affected",
              "version": "17.6.1z1"
            },
            {
              "status": "affected",
              "version": "17.6.5"
            },
            {
              "status": "affected",
              "version": "17.6.6"
            },
            {
              "status": "affected",
              "version": "17.6.6a"
            },
            {
              "status": "affected",
              "version": "17.6.5a"
            },
            {
              "status": "affected",
              "version": "17.7.1"
            },
            {
              "status": "affected",
              "version": "17.7.1a"
            },
            {
              "status": "affected",
              "version": "17.7.1b"
            },
            {
              "status": "affected",
              "version": "17.7.2"
            },
            {
              "status": "affected",
              "version": "17.10.1"
            },
            {
              "status": "affected",
              "version": "17.10.1a"
            },
            {
              "status": "affected",
              "version": "17.10.1b"
            },
            {
              "status": "affected",
              "version": "17.8.1"
            },
            {
              "status": "affected",
              "version": "17.8.1a"
            },
            {
              "status": "affected",
              "version": "17.9.1"
            },
            {
              "status": "affected",
              "version": "17.9.1w"
            },
            {
              "status": "affected",
              "version": "17.9.2"
            },
            {
              "status": "affected",
              "version": "17.9.1a"
            },
            {
              "status": "affected",
              "version": "17.9.1x"
            },
            {
              "status": "affected",
              "version": "17.9.1y"
            },
            {
              "status": "affected",
              "version": "17.9.3"
            },
            {
              "status": "affected",
              "version": "17.9.2a"
            },
            {
              "status": "affected",
              "version": "17.9.1x1"
            },
            {
              "status": "affected",
              "version": "17.9.3a"
            },
            {
              "status": "affected",
              "version": "17.9.4"
            },
            {
              "status": "affected",
              "version": "17.9.1y1"
            },
            {
              "status": "affected",
              "version": "17.9.4a"
            },
            {
              "status": "affected",
              "version": "17.11.1"
            },
            {
              "status": "affected",
              "version": "17.11.1a"
            },
            {
              "status": "affected",
              "version": "17.12.1"
            },
            {
              "status": "affected",
              "version": "17.12.1w"
            },
            {
              "status": "affected",
              "version": "17.12.1a"
            },
            {
              "status": "affected",
              "version": "17.11.99SW"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.\r\n\r This vulnerability is due to a crafted IPv4 DHCP request packet being mishandled when endpoint analytics are enabled. An attacker could exploit this vulnerability by sending a crafted DHCP request through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.\r\n\r Note: The attack vector is listed as network because a DHCP relay anywhere on the network could allow exploits from networks other than the adjacent one."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap-based Buffer Overflow",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-27T16:53:53.073Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-dhcp-dos-T3CXPO9z",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dhcp-dos-T3CXPO9z"
        }
      ],
      "source": {
        "advisory": "cisco-sa-dhcp-dos-T3CXPO9z",
        "defects": [
          "CSCwh59449"
        ],
        "discovery": "INTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20259",
    "datePublished": "2024-03-27T16:53:53.073Z",
    "dateReserved": "2023-11-08T15:08:07.623Z",
    "dateUpdated": "2024-08-27T21:04:37.666Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-13051 (GCVE-0-2024-13051)

Vulnerability from cvelistv5 – Published: 2024-12-30 20:16 – Updated: 2024-12-30 23:01
VLAI
Title
Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Summary
Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24977.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
zdi
References
Impacted products
Vendor Product Version
Ashlar-Vellum Graphite Affected: 13_SE_13048
Create a notification for this product.
Date Public
2024-12-30 18:03
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-13051",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-30T22:59:54.852785Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-30T23:01:24.150Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Graphite",
          "vendor": "Ashlar-Vellum",
          "versions": [
            {
              "status": "affected",
              "version": "13_SE_13048"
            }
          ]
        }
      ],
      "dateAssigned": "2024-12-30T16:47:20.207Z",
      "datePublic": "2024-12-30T18:03:24.581Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24977."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-30T20:16:19.818Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-24-1735",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1735/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "rgod"
      },
      "title": "Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2024-13051",
    "datePublished": "2024-12-30T20:16:19.818Z",
    "dateReserved": "2024-12-30T16:47:20.097Z",
    "dateUpdated": "2024-12-30T23:01:24.150Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-13050 (GCVE-0-2024-13050)

Vulnerability from cvelistv5 – Published: 2024-12-30 20:16 – Updated: 2024-12-30 23:01
VLAI
Title
Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Summary
Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24976.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
zdi
References
Impacted products
Vendor Product Version
Ashlar-Vellum Graphite Affected: 13_SE_13048
Create a notification for this product.
Date Public
2024-12-30 18:03
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-13050",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-30T23:00:03.138979Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-30T23:01:36.394Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Graphite",
          "vendor": "Ashlar-Vellum",
          "versions": [
            {
              "status": "affected",
              "version": "13_SE_13048"
            }
          ]
        }
      ],
      "dateAssigned": "2024-12-30T16:47:13.308Z",
      "datePublic": "2024-12-30T18:03:18.899Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24976."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-30T20:16:14.569Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-24-1734",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1734/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "rgod"
      },
      "title": "Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2024-13050",
    "datePublished": "2024-12-30T20:16:14.569Z",
    "dateReserved": "2024-12-30T16:47:13.266Z",
    "dateUpdated": "2024-12-30T23:01:36.394Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12670 (GCVE-0-2024-12670)

Vulnerability from cvelistv5 – Published: 2024-12-17 15:28 – Updated: 2025-08-26 17:17
VLAI
Title
DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
Summary
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
Autodesk Navisworks Freedom Affected: 2025 , < 2025.4 (custom)
    cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:windows:*:*
Create a notification for this product.
Autodesk Navisworks Simulate Affected: 2025 , < 2025.4 (custom)
    cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:windows:*:*
Create a notification for this product.
Autodesk Navisworks Manage Affected: 2025 , < 2025.4 (custom)
    cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:windows:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12670",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-17T15:46:17.014347Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-17T15:46:52.263Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:windows:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Navisworks Freedom",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.4",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:windows:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Navisworks Simulate",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.4",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:windows:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Navisworks Manage",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.4",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-26T17:17:03.296Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0027"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-12670",
    "datePublished": "2024-12-17T15:28:05.933Z",
    "dateReserved": "2024-12-16T14:41:31.535Z",
    "dateUpdated": "2025-08-26T17:17:03.296Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12669 (GCVE-0-2024-12669)

Vulnerability from cvelistv5 – Published: 2024-12-17 15:27 – Updated: 2025-08-26 17:16
VLAI
Title
DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
Summary
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
Autodesk Navisworks Freedom Affected: 2025 , < 2025.4 (custom)
    cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:windows:*:*
Create a notification for this product.
Autodesk Navisworks Simulate Affected: 2025 , < 2025.4 (custom)
    cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:windows:*:*
Create a notification for this product.
Autodesk Navisworks Manage Affected: 2025 , < 2025.4 (custom)
    cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:windows:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12669",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-17T15:55:15.741934Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-17T15:55:46.891Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:windows:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Navisworks Freedom",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.4",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:windows:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Navisworks Simulate",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.4",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:windows:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Navisworks Manage",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.4",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-26T17:16:46.311Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0027"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-12669",
    "datePublished": "2024-12-17T15:27:17.052Z",
    "dateReserved": "2024-12-16T14:24:34.883Z",
    "dateUpdated": "2025-08-26T17:16:46.311Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12179 (GCVE-0-2024-12179)

Vulnerability from cvelistv5 – Published: 2024-12-17 15:19 – Updated: 2025-08-26 16:53
VLAI
Title
DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
Summary
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
Autodesk Navisworks Freedom Affected: 2025 , < 2025.4 (custom)
    cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:windows:*:*
Create a notification for this product.
Autodesk Navisworks Simulate Affected: 2025 , < 2025.4 (custom)
    cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:windows:*:*
Create a notification for this product.
Autodesk Navisworks Manage Affected: 2025 , < 2025.4 (custom)
    cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:windows:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12179",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-17T15:30:23.695137Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-17T15:31:25.599Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:windows:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Navisworks Freedom",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.4",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:windows:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Navisworks Simulate",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.4",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:windows:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Navisworks Manage",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.4",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-26T16:53:27.682Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0027"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-12179",
    "datePublished": "2024-12-17T15:19:29.587Z",
    "dateReserved": "2024-12-04T16:30:45.791Z",
    "dateUpdated": "2025-08-26T16:53:27.682Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12084 (GCVE-0-2024-12084)

Vulnerability from cvelistv5 – Published: 2025-01-15 14:16 – Updated: 2026-06-29 20:31
VLAI
Title
Rsync: heap buffer overflow in rsync due to improper checksum length handling
Summary
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
Affected: 3.2.7
Affected: 3.3.0
Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:3.4.1-2.el10 , < * (rpm)
    cpe:/o:redhat:enterprise_linux:10.0
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Create a notification for this product.
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Create a notification for this product.
Date Public
2025-01-14 15:06
Credits
Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12084",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-27T04:55:13.179697Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T19:09:06.939Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:52:08.021Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/01/14/6"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250131-0002/"
          },
          {
            "url": "https://www.kb.cert.org/vuls/id/952657"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/RsyncProject/rsync",
          "defaultStatus": "unaffected",
          "packageName": "rsync",
          "versions": [
            {
              "status": "affected",
              "version": "3.2.7"
            },
            {
              "status": "affected",
              "version": "3.3.0"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.4.1-2.el10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue."
        }
      ],
      "datePublic": "2025-01-14T15:06:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Critical"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-29T20:31:56.456Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHBA-2025:6470",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHBA-2025:6470"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-12084"
        },
        {
          "name": "RHBZ#2330527",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330527"
        },
        {
          "url": "https://kb.cert.org/vuls/id/952657"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-12-05T09:32:44.653Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-01-14T15:06:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Rsync: heap buffer overflow in rsync due to improper checksum length handling",
      "workarounds": [
        {
          "lang": "en",
          "value": "Red Hat recommends filtering untrusted connections to Rsync via firewall rules on the host and on network firewall appliances.\n\nAdditionally, systems which only need to provide remote Rsync access to users with known identities can enable authentication using the ```auth users``` parameter in their rsyncd configuration file (rsyncd.conf). \n\nSystems that provide anonymous read access to hosted files via Rsync, such as mirror hosts, do not have reasonable mitigation options available. We strongly urge operators using vulnerable versions of Rsync to update as soon as possible."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-12084",
    "datePublished": "2025-01-15T14:16:35.363Z",
    "dateReserved": "2024-12-03T08:57:42.580Z",
    "dateUpdated": "2026-06-29T20:31:56.456Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-11933 (GCVE-0-2024-11933)

Vulnerability from cvelistv5 – Published: 2024-11-27 23:36 – Updated: 2024-11-29 16:59
VLAI
Title
Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Summary
Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X1 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24548.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
zdi
References
Impacted products
Vendor Product Version
Fuji Electric Monitouch V-SFT Affected: 6.2.3.0
Create a notification for this product.
fujielectric monitouch_v-sft Affected: 6.2.3.0
    cpe:2.3:a:fujielectric:monitouch_v-sft:6.2.3.0:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-11-27 21:01
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fujielectric:monitouch_v-sft:6.2.3.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "monitouch_v-sft",
            "vendor": "fujielectric",
            "versions": [
              {
                "status": "affected",
                "version": "6.2.3.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11933",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T16:59:16.877074Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T16:59:46.846Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Monitouch V-SFT",
          "vendor": "Fuji Electric",
          "versions": [
            {
              "status": "affected",
              "version": "6.2.3.0"
            }
          ]
        }
      ],
      "dateAssigned": "2024-11-27T20:52:50.875Z",
      "datePublic": "2024-11-27T21:01:43.341Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of X1 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24548."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T23:36:05.162Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-24-1630",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1630/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "kimiya"
      },
      "title": "Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2024-11933",
    "datePublished": "2024-11-27T23:36:05.162Z",
    "dateReserved": "2024-11-27T20:52:50.825Z",
    "dateUpdated": "2024-11-29T16:59:46.846Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-11608 (GCVE-0-2024-11608)

Vulnerability from cvelistv5 – Published: 2024-12-09 17:53 – Updated: 2025-08-28 14:38
VLAI
Summary
A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
Autodesk Revit Affected: 2025 , < 2025.4 (custom)
Affected: 2024 , < 2024.3.2 (custom)
Affected: 2023 , < 2023.1.7 (custom)
    cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:revit:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:revit:2023:*:*:*:*:*:*:*
Create a notification for this product.
autodesk revit Affected: 2025
    cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "revit",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2025"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11608",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-09T18:03:53.476189Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-09T18:05:18.311Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:revit:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:revit:2023:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Revit",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.4",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.3.2",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-28T14:38:16.647Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0026"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-11608",
    "datePublished": "2024-12-09T17:53:18.804Z",
    "dateReserved": "2024-11-21T20:20:48.343Z",
    "dateUpdated": "2025-08-28T14:38:16.647Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation

Pre-design: Use a language or compiler that performs automatic bounds checking.

Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation MIT-10
Operation Build and Compilation

Strategy: Environment Hardening

  • Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
  • D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation MIT-11
Operation Build and Compilation

Strategy: Environment Hardening

  • Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
  • Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
  • For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
Mitigation
Implementation

Implement and perform bounds checking on input.

Mitigation
Implementation

Strategy: Libraries or Frameworks

Do not use dangerous functions such as gets. Look for their safe equivalent, which checks for the boundary.

Mitigation
Operation

Use OS-level preventative functionality. This is not a complete solution, but it provides some defense in depth.

CAPEC-92: Forced Integer Overflow

This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.