CVE-2020-13576

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions gSOAP version 2.8.107

Description The issue is related to an integer overflow in the WS-Addressing plugin of the gSOAP software development environment when processing SOAP requests. This can be exploited by a remote attacker to execute arbitrary code by sending specially crafted HTTP requests. A specially crafted SOAP request can lead to remote code execution.

Recommendations For gSOAP version 2.8.107, consider disabling the WS-Addressing plugin functionality until a patch is available to prevent remote code execution. Restrict access to the SOAP request handling module to minimize the risk of exploitation. Avoid using the WS-Addressing plugin until the issue is resolved.

Exploit

Fix

RCE

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190CWE-680

Related Identifiers

BDU:2021-06075

CVE-2020-13576

DLA-3745-1

MGASA-2021-0263

OPENSUSE-SU-2021:0632-1

OPENSUSE-SU-2021:0664-1

OPENSUSE-SU-2021_0632-1

Affected Products

Suse

Gsoap

CVE-2020-13576

Weakness Enumeration

Related Identifiers

Affected Products

References · 36