CVE-2018-8834
17.04.2018, 19:29
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a heap-based buffer overflow.Enginsight
| Vendor | Product | Version |
|---|---|---|
| omron | cx-flnet | 𝑥 ≤ 1.00 |
| omron | cx-one | 𝑥 ≤ 4.42 |
| omron | cx-programmer | 𝑥 ≤ 9.65 |
| omron | cx-protocol | 𝑥 ≤ 1.992 |
| omron | cx-server | 𝑥 ≤ 5.0.22 |
| omron | network_configurator | 𝑥 ≤ 3.63 |
| omron | switch_box_utility | 𝑥 ≤ 1.68 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-122 - Heap-based Buffer OverflowA heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.