PT-2022-3200 · Unknown · Igss Data Server
Published
2022-06-14
·
Updated
2023-02-08
·
CVE-2022-32529
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
IGSS Data Server - IGSSdataServer.exe versions prior to V15.0.0.22170
Description
A buffer copy without checking the size of input vulnerability exists, potentially leading to a stack-based buffer overflow and remote code execution when an attacker sends specially crafted log data request messages.
Recommendations
For versions prior to V15.0.0.22170, update to version V15.0.0.22170 or later to resolve the issue. As a temporary workaround, consider restricting access to the log data request functionality until a patch is applied. Avoid processing specially crafted log data request messages to minimize the risk of exploitation.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Igss Data Server