CVE-2024-38309

Name of the Vulnerable Software and Affected Versions V-SFT versions 6.2.2.0 and earlier TELLUS versions 4.0.19.0 and earlier TELLUS Lite versions 4.0.19.0 and earlier

Description There are multiple stack-based buffer overflow vulnerabilities in the affected software. If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.

Recommendations For V-SFT versions 6.2.2.0 and earlier, consider avoiding the use of the vulnerable function until a patch is available. For TELLUS versions 4.0.19.0 and earlier, restrict access to the vulnerable module to minimize the risk of exploitation. For TELLUS Lite versions 4.0.19.0 and earlier, disable the vulnerable component as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.