Lucene search

SiemensCVELIST:CVE-2021-44448

HistoryDec 14, 2021 - 12:07 p.m.

CVE-2021-44448

2021-12-1412:07:07

CWE-125

siemens

www.cve.org

jt utilities

jttk

vulnerability

out of bounds read

jt files

leak information

zdi-can-14843

zdi-can-15051

AI Score

3.9

Confidence

High

EPSS

0.001

Percentile

24.0%

JSON

A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14843, ZDI-CAN-15051)

CNA Affected

[
  {
    "product": "JT Utilities",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V13.0.3.0"
      }
    ]
  },
  {
    "product": "JTTK",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions <  V11.0.3.0"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-352143.pdf