Lucene search

Japan Vulnerability NotesJVN:16420523

HistoryJul 29, 2024 - 12:00 a.m.

JVN#16420523: SDoP vulnerable to stack-based buffer overflow

2024-07-2900:00:00

Japan Vulnerability Notes

jvn.jp

sdop

buffer overflow

update

version 1.11

cwe-121

xml file

arbitrary code

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

16.2%

JSON

SDoP fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability (CWE-121).

Impact

When a user of the affected product is tricked to process a specially crafted XML file, an arbitrary code may be executed on the user’s environment.

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.
The developer has added the commit to fix the vulnerability in SDoP repository, named as version 1.11.

Products Affected

SDoP versions prior to 1.11

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

16.2%

JSON

Related for JVN:16420523