CVE-2017-20225

EUVD-2017-18943
TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can trigger the overflow through command-line arguments passed to the application, leveraging ROP gadgets to bypass protections and execute shellcode in the application context.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Affected Products (NVD)
VendorProductVersion
ticalctiemu
𝑥
≤ 2.0.8
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tiemu
bookworm
undetermined
bullseye
undetermined
Common Weakness Enumeration
References
http://lpg.ticalc.org/prj_tiemu/
https://www.exploit-db.com/exploits/42087
https://www.vulncheck.com/advisories/tiemu-stack-based-buffer-overflow-vulnerability