EUVD-2021-9074

Malicious code in bioql PyPI...

CVE-2021-21901

A stack-based buffer overflow vulnerability exists in the CMA checkudpcrc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to memcpy. An attacker can send a malicious packet to trigger this...

CVE-2021-21901

A stack-based buffer overflow vulnerability exists in the CMA checkudpcrc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to memcpy. An attacker can send a malicious packet to trigger this...

CVE-2021-21907

A directory traversal vulnerability exists in the CMA CLI getenv command functionality of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted command line argument can lead to local file inclusion. An attacker can provide malicious input to trigger this vulnerability...

Directory traversal

A directory traversal vulnerability exists in the CMA CLI getenv command functionality of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted command line argument can lead to local file inclusion. An attacker can provide malicious input to trigger this vulnerability...

Stack overflow

Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over TCP port 6877. This interface is used by a secondary GUI client, called “CMA...

Directory traversal

A directory traversal vulnerability exists in the CMA CLI setenv command of Garrett Metal Detectors’ iC Module CMA Version 5.0. An attacker can provide malicious input to trigger this vulnerability...

CVE-2021-21907

A directory traversal vulnerability exists in the CMA CLI getenv command functionality of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted command line argument can lead to local file inclusion. An attacker can provide malicious input to trigger this vulnerability...

CVE-2021-21904

A directory traversal vulnerability exists in the CMA CLI setenv command of Garrett Metal Detectors’ iC Module CMA Version 5.0. An attacker can provide malicious input to trigger this vulnerability...

CVE-2021-21903

CVE-2021-21903 is a stack-based buffer overflow in Garrett Metal Detectors’ iC Module CMA Version 5.0. The vulnerability occurs in the CMA check_udp_crc path where a UDP-CRC field is copied with strcpy into an 8-byte buffer (input_crc_str) without bounds checking, enabling remote attackers to ove...

CVE-2021-21901

CVE-2021-21901 affects Garrett Metal Detectors iC Module CMA Version 5.0. The vulnerability is a stack-based buffer overflow in CMA’s UDP CRC check (check_udp_crc) caused by copying the 256-byte internal buffer with memcpy from a 512-byte UDP payload. A crafted UDP packet can overflow the destina...

PT-2021-14831 · Garrett Metal Detectors · Garrett Metal Detectors Ic Module Cma

Name of the Vulnerable Software and Affected Versions: Garrett Metal Detectors iC Module CMA version 5.0 Description: A stack-based buffer overflow issue exists in the CMA readfile function of the Garrett Metal Detectors iC Module. The iC Module provides an authenticated command-line interface ov...

PT-2021-14833 · Unknown · Ic Module Cma

Name of the Vulnerable Software and Affected Versions: iC Module CMA Version 5.0 Description: A directory traversal issue exists in the CMA CLI getenv command functionality, allowing a specially-crafted command line argument to lead to local file inclusion. An attacker can provide malicious input...

PT-2021-14827 · Unknown · Ic Module Cma

Name of the Vulnerable Software and Affected Versions: iC Module CMA version 5.0 Description: A stack-based buffer overflow issue exists in the CMA check udp crc function. This can be triggered by a specially-crafted packet, leading to a buffer overflow during a call to memcpy. An attacker can...

Garrett Metal Detectors iC Module CMA CLI setenv command directory traversal vulnerability

Summary A directory traversal vulnerability exists in the CMA CLI setenv command of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted command line argument can lead to arbitrary file overwrite. An attacker can provide malicious input to trigger this vulnerability. Tested...

Garrett Metal Detectors iC Module CMA check_udp_crc memcpy stack-based buffer overflow vulnerability

Summary A stack-based buffer overflow vulnerability exists in the CMA checkudpcrc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to memcpy. An attacker can send a malicious packet to trigger this...

Garrett Metal Detectors iC Module CMA check_udp_crc strcpy stack-based buffer overflow vulnerability

Summary A stack-based buffer overflow vulnerability exists in the CMA checkudpcrc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to strcpy. An attacker can send a malicious packet to trigger this...

Garrett Metal Detectors iC Module CMA CLI del[env] command directory traversal vulnerabilities

Summary Directory traversal vulnerabilities exist in the CMA CLI del and delenv commands of Garrett Metal Detectors’ iC Module CMA Version 5.0. Specially-crafted command line arguments can lead to arbitrary file deletion. An attacker can provide malicious inputs to trigger these vulnerabilities...