CVE-2019-11043

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2019-11043
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html Mailing List Third Party Advisory
http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2020/Jan/40 Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3286 Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3287 Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3299 Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3300 Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3724 Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3735 Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3736 Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0322 Third Party Advisory
https://bugs.php.net/bug.php?id=78599 Exploit Issue Tracking Patch Vendor Advisory
https://github.com/neex/phuip-fpizdam Exploit Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/ Mailing List Third Party Advisory
https://seclists.org/bugtraq/2020/Jan/44 Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20191031-0003/ Third Party Advisory
https://support.apple.com/kb/HT210919 Third Party Advisory
https://support.f5.com/csp/article/K75408500?utm_source=f5support&amp%3Butm_medium=RSS Third Party Advisory
https://usn.ubuntu.com/4166-1/ Third Party Advisory
https://usn.ubuntu.com/4166-2/ Third Party Advisory
https://www.debian.org/security/2019/dsa-4552 Mailing List Third Party Advisory
https://www.debian.org/security/2019/dsa-4553 Mailing List Third Party Advisory
https://www.synology.com/security/advisory/Synology_SA_19_36 Third Party Advisory
https://www.tenable.com/security/tns-2021-14 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.7_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.7_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
History

16 Jul 2024, 17:52

Type Values Removed Values Added
CPE cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.7_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.7_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
References () http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html - () http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html - () http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html - Mailing List, Third Party Advisory
References () http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html - () http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry
References () http://seclists.org/fulldisclosure/2020/Jan/40 - () http://seclists.org/fulldisclosure/2020/Jan/40 - Mailing List, Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2019:3286 - () https://access.redhat.com/errata/RHSA-2019:3286 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2019:3287 - () https://access.redhat.com/errata/RHSA-2019:3287 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2019:3299 - () https://access.redhat.com/errata/RHSA-2019:3299 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2019:3300 - () https://access.redhat.com/errata/RHSA-2019:3300 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2019:3724 - () https://access.redhat.com/errata/RHSA-2019:3724 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2019:3735 - () https://access.redhat.com/errata/RHSA-2019:3735 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2019:3736 - () https://access.redhat.com/errata/RHSA-2019:3736 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2020:0322 - () https://access.redhat.com/errata/RHSA-2020:0322 - Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/ - Mailing List, Third Party Advisory
References () https://seclists.org/bugtraq/2020/Jan/44 - () https://seclists.org/bugtraq/2020/Jan/44 - Mailing List, Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20191031-0003/ - () https://security.netapp.com/advisory/ntap-20191031-0003/ - Third Party Advisory
References () https://support.apple.com/kb/HT210919 - () https://support.apple.com/kb/HT210919 - Third Party Advisory
References () https://support.f5.com/csp/article/K75408500?utm_source=f5support&amp%3Butm_medium=RSS - () https://support.f5.com/csp/article/K75408500?utm_source=f5support&amp%3Butm_medium=RSS - Third Party Advisory
References () https://www.debian.org/security/2019/dsa-4552 - Third Party Advisory () https://www.debian.org/security/2019/dsa-4552 - Mailing List, Third Party Advisory
References () https://www.debian.org/security/2019/dsa-4553 - Third Party Advisory () https://www.debian.org/security/2019/dsa-4553 - Mailing List, Third Party Advisory
References () https://www.synology.com/security/advisory/Synology_SA_19_36 - () https://www.synology.com/security/advisory/Synology_SA_19_36 - Third Party Advisory
References () https://www.tenable.com/security/tns-2021-14 - () https://www.tenable.com/security/tns-2021-14 - Third Party Advisory
First Time Redhat enterprise Linux For Ibm Z Systems
Tenable tenable.sc
Redhat enterprise Linux For Power Little Endian Eus
Redhat enterprise Linux For Power Little Endian
Redhat enterprise Linux Desktop
Redhat software Collections
Redhat enterprise Linux Workstation
Redhat
Redhat enterprise Linux For Scientific Computing
Fedoraproject
Redhat enterprise Linux For Arm 64
Redhat enterprise Linux For Arm 64 Eus
Tenable
Redhat enterprise Linux
Fedoraproject fedora
Redhat enterprise Linux Server Tus
Redhat enterprise Linux For Ibm Z Systems Eus
Redhat enterprise Linux For Power Big Endian
Redhat enterprise Linux Server
Redhat enterprise Linux Eus Compute Node
Redhat enterprise Linux Server Aus
Redhat enterprise Linux For Power Big Endian Eus
Redhat enterprise Linux Eus
Information

Published : 2019-10-28 15:15

Updated : 2024-07-16 17:52

NVD link : CVE-2019-11043

Mitre link : CVE-2019-11043

CVE.ORG link : CVE-2019-11043

JSON object : View

Products Affected

redhat

  • enterprise_linux_for_arm_64
  • enterprise_linux_for_arm_64_eus
  • enterprise_linux_for_power_little_endian_eus
  • enterprise_linux_server
  • enterprise_linux
  • enterprise_linux_eus
  • enterprise_linux_for_power_little_endian
  • enterprise_linux_for_ibm_z_systems_eus
  • enterprise_linux_for_ibm_z_systems
  • enterprise_linux_workstation
  • enterprise_linux_for_power_big_endian_eus
  • software_collections
  • enterprise_linux_server_tus
  • enterprise_linux_desktop
  • enterprise_linux_for_scientific_computing
  • enterprise_linux_for_power_big_endian
  • enterprise_linux_eus_compute_node
  • enterprise_linux_server_aus

debian

  • debian_linux

canonical

  • ubuntu_linux

php

  • php

fedoraproject

  • fedora

tenable

  • tenable.sc
CWE
CWE-787

Out-of-bounds Write

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')