PT-2020-3963 · Wibu Systems · Codemeter

Published: 2020-09-07 · Updated: 2021-11-04 · CVE-2020-14509

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: CodeMeter versions prior to 7.10
Description: The packet parser mechanism of CodeMeter contains memory corruption vulnerabilities because it fails to verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities, potentially leading to arbitrary code execution.
Recommendations: For versions prior to 7.10, update to version 7.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the packet parser mechanism to minimize the risk of exploitation.

Fix

Weakness Enumeration

Related Identifiers

BDU:2020-04356
CVE-2020-14509

Affected Products

Codemeter