PT-2022-6150 · Adobe · Coldfusion

Published

2022-10-11

Updated

2023-01-20

CVE-2022-35690

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Adobe ColdFusion versions Update 14 and earlier Adobe ColdFusion versions Update 4 and earlier

Description The issue is related to a buffer overflow when handling GIOP packets, which could allow a remote attacker to execute arbitrary code or cause a denial of service. Exploitation of this issue does not require user interaction and is triggered when a crafted network packet is sent to the server.

Recommendations For Adobe ColdFusion versions Update 14 and earlier, update to a version later than Update 14 to resolve the issue. For Adobe ColdFusion versions Update 4 and earlier, update to a version later than Update 4 to resolve the issue. As a temporary workaround, consider restricting access to the ODBC Agent component until a patch is available.

Fix

Memory Corruption

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-121

Related Identifiers

BDU:2023-00212

CVE-2022-35690

ZDI-22-1416

Affected Products

Coldfusion

PT-2022-6150 · Adobe · Coldfusion

CVE-2022-35690

Weakness Enumeration

Related Identifiers

Affected Products

References · 8