CVE-2015-2898

EUVD-2015-2986
Multiple stack-based buffer overflows in Medicomp MEDCIN Engine before 2.22.20153.226 might allow remote attackers to execute arbitrary code via a crafted packet on port 8190, related to (1) the SetGroupSequenceEx na_setgroupsequenceex function, (2) the FormatDate julptostr function, and (3) the UserFindingCodes addtocl function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
Affected Products (NVD)
VendorProductVersion
medicompmedcin_engine
𝑥
≤ 2.22.20142.166
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.kb.cert.org/vuls/id/675052
http://www.securifera.com/advisories/CVE-2015-2898-2901/
http://www.kb.cert.org/vuls/id/675052
http://www.securifera.com/advisories/CVE-2015-2898-2901/