PT-2009-3291 · Tptest · Tptest

Published: 2009-02-20 · Updated: 2017-09-29 · CVE-2009-0650

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

TPTEST versions 3.1.7 and earlier
TPTEST version 5.02

Description

A stack-based buffer overflow in the GetStatsFromLine function can be triggered by a STATS line with a long pwd field. This can crash the application (denial of service) and potentially allow the execution of arbitrary code.

Recommendations

For TPTEST versions 3.1.7 and earlier, consider updating to a newer version to mitigate the risk. For TPTEST version 5.02, if affected, update to a newer version to resolve the issue. As a temporary workaround, consider restricting the length of the pwd field in the STATS line to prevent the buffer overflow.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2009-0650

Affected Products

Tptest