PT-2020-18700 · Trading Technologies · Trading Technologies Messaging

Published 2020-09-02 · Updated 2020-09-14 · CVE-2020-5779

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Trading Technologies Messaging version 7.1.28.3

Description

The software mishandles an invalid parameter passed to strcpy_s(): while processing a type 4 message sent to the default TCP RequestPort 10200, it calls strcpy_s() with an overly long src string parameter. This causes the ttmd.exe process to terminate.

Recommendations

For Trading Technologies Messaging version 7.1.28.3, as a temporary workaround, consider restricting access to the default TCP RequestPort 10200 to minimize the risk of exploitation. Avoid sending type 4 messages to this port until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
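Added example (not Trading Technologies code and not part of the advisory): in the Microsoft C runtime, strcpy_s() called with a source string that does not fit the destination invokes the invalid parameter handler, which by default terminates the process. The C example below shows the defensive pattern of measuring an untrusted field against the destination size and rejecting the request with an error code instead. The one-byte type plus string layout, the 32-byte buffer and all function names are assumptions made for the example, not the product's wire format.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_SIZE 32   /* assumed size of the fixed destination buffer */
#define MAX_MSG    1024 /* assumed upper bound on one request */

/* Bounded copy that reports an over-long source as an error code,
 * leaving the decision (drop the request) to the caller. */
static int copy_field(char *dst, size_t dst_size,
                      const unsigned char *src, size_t src_len)
{
    size_t n = 0;
    if (dst == NULL || dst_size == 0) return -1;
    dst[0] = '\0';
    if (src == NULL) return -1;
    while (n < src_len && src[n] != '\0') n++;  /* never read past the message */
    if (n >= dst_size) return -1;               /* would not fit with its NUL */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Constructed layout: byte 0 = message type, remaining bytes = string field. */
int handle_request(const unsigned char *msg, size_t len)
{
    char field[FIELD_SIZE];
    if (msg == NULL || len < 2 || len > MAX_MSG) return -1;
    if (msg[0] != 4) return -1;                 /* only the type 4 path is modelled */
    if (copy_field(field, sizeof field, msg + 1, len - 1) != 0) return -1;
    return (int)strlen(field);                  /* accepted: length of stored field */
}

/* Build a constructed type 4 request with field_len filler bytes and process it. */
int run_sample(size_t field_len)
{
    unsigned char msg[MAX_MSG];
    if (field_len + 1 > sizeof msg) return -1;
    msg[0] = 4;
    memset(msg + 1, 'A', field_len);
    return handle_request(msg, field_len + 1);
}

int main(void)
{
    printf("8 bytes   -> %d\n", run_sample(8));
    printf("500 bytes -> %d\n", run_sample(500));
    return 0;
}
```

A request whose field fits is accepted and its length returned; an over-long field yields -1 and the service keeps running.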

Related Identifiers

CVE-2020-5779

Affected Products

Trading Technologies Messaging