CVE-2024-41881

2024-07-2909:15:02

CWE-121

jpcert

web.nvd.nist.gov

sdop

buffer overflow

xml file

arbitrary code

security vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

Percentile

16.2%

JSON

SDoP versions prior to 1.11 fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is tricked to process a specially crafted XML file, arbitrary code may be executed on the user’s environment.

Affected configurations

Vulners

Node

philip_hazelsdopRange<1.11

VendorProductVersionCPE
philip_hazelsdop*cpe:2.3:a:philip_hazel:sdop:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
philip_hazel	sdop	*	cpe:2.3:a:philip_hazel:sdop::::::::

CNA Affected

[
  {
    "vendor": "Philip Hazel",
    "product": "SDoP",
    "versions": [
      {
        "version": "prior to 1.11",
        "status": "affected"
      }
    ]
  }
]