exploitDog

CVE-2024-40723

Опубликовано: 02 авг. 2024

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

The specific API in HWATAIServiSign Windows Version from CHANGING Information Technology does not properly validate the length of server-side inputs. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in the HWATAIServiSign, temporarily disrupting its service.

Ссылки

https://www.twcert.org.tw/en/cp-139-7974-0562f-2.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7968-ce2ef-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:changingtec:hwatai_servisign:*:*:*:*:*:windows:*:*

Версия до 1.0.24.0219 (исключая)

EPSS

Процентиль: 80%

0.0142

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-121

CWE-787

Связанные уязвимости

GHSA-jjc3-cj6j-hw3v

CVSS3: 4.3

github

больше 1 года назад

The specific API in HWATAIServiSign Windows Version from CHANGING Information Technology does not properly validate the length of server-side inputs. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in the HWATAIServiSign, temporarily disrupting its service.

EPSS

Процентиль: 80%

0.0142

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-121

CWE-787