PT-2017-12051 · Gemalto · Sentinel Ldk+2
Published
2017-10-02
·
Updated
2018-05-11
·
CVE-2017-11497
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Gemalto ACC (Admin Control Center) versions HASP SRM 2.10 through Sentinel LDK 7.50
Description
The issue is related to a stack buffer overflow in the hasplms component, which can be exploited by remote attackers to execute arbitrary code. This is achieved through language packs that contain filenames longer than 1024 characters.
Recommendations
For versions HASP SRM 2.10 through Sentinel LDK 7.50, consider restricting access to language packs to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using language packs with filenames longer than 1024 characters.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gemalto Acc
Hasp Srm
Sentinel Ldk