CoDeSys Buffer Overflow Vulnerability and Integer Overflow Vulnerability
BID:50849
Info
CoDeSys Buffer Overflow Vulnerability and Integer Overflow Vulnerability
| Bugtraq ID: | 50849 |
| Class: | Unknown |
| CVE: |
CVE-2011-5007 CVE-2011-5008 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 29 2011 12:00AM |
| Updated: | Nov 15 2012 11:10PM |
| Credit: | Luigi Auriemma and Celil �?nüver |
| Vulnerable: |
3S - Smart Software Solutions GmbH CoDeSys 3.4 SP4 Patch 2 3S - Smart Software Solutions GmbH CoDeSys 3.4 3S - Smart Software Solutions GmbH CoDeSys 2.3 |
| Not Vulnerable: |
3S - Smart Software Solutions GmbH CoDeSys 3.5 3S - Smart Software Solutions GmbH CoDeSys 2.3.9.32 |
Discussion
CoDeSys Buffer Overflow Vulnerability and Integer Overflow Vulnerability
CoDeSys is prone to a stack-based buffer-overflow and an integer-overflow vulnerability.
Attackers can exploit these issues to execute arbitrary code within the context of the application. Failed attacks may cause a denial-of-service condition.
CoDeSys is prone to a stack-based buffer-overflow and an integer-overflow vulnerability.
Attackers can exploit these issues to execute arbitrary code within the context of the application. Failed attacks may cause a denial-of-service condition.
Exploit / POC
CoDeSys Buffer Overflow Vulnerability and Integer Overflow Vulnerability
The researcher has created proof-of-concepts for these issues. Please see the references for information.
The following exploits are available:
The researcher has created proof-of-concepts for these issues. Please see the references for information.
The following exploits are available:
Solution / Fix
CoDeSys Buffer Overflow Vulnerability and Integer Overflow Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
CoDeSys Buffer Overflow Vulnerability and Integer Overflow Vulnerability
References:
References: