CVE-2024-40722

The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate the length of server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in TCBServiSign, temporarily disrupting its service.

Configurations

Configuration 1

cpe:2.3:a:changingtec:tcb_servisign:*:*:*:*:*:windows:*:*

History

09 Aug 2024, 14:39

| Type | Values Removed | Values Added |
|---|---|---|
| First Time | | Changingtec tcb Servisign; Changingtec |
| CWE | | CWE-787 |
| CPE | | cpe:2.3:a:changingtec:tcb_servisign:*:*:*:*:*:windows:*:* |
| References | () https://www.twcert.org.tw/en/cp-139-7973-e10c6-2.html - | () https://www.twcert.org.tw/en/cp-139-7973-e10c6-2.html - Third Party Advisory |
| References | () https://www.twcert.org.tw/tw/cp-132-7967-9efdf-1.html - | () https://www.twcert.org.tw/tw/cp-132-7967-9efdf-1.html - Third Party Advisory |

02 Aug 2024, 12:59

| Type | Values Removed | Values Added |
|---|---|---|
| Summary | | (es) The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate the length of server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in TCBServiSign, temporarily disrupting its service. |

02 Aug 2024, 11:16

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2024-08-02 11:16

Updated : 2024-08-09 14:39


NVD link : CVE-2024-40722

Mitre link : CVE-2024-40722

CVE.ORG link : CVE-2024-40722

Products Affected

changingtec

  • tcb_servisign

CWE

CWE-787

Out-of-bounds Write

CWE-121

Stack-based Buffer Overflow