CVE-2019-8981

Published: Mar 26, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

tls1.c in Cameron Hamilton-Rich axTLS before 2.1.5 has a Buffer Overflow via a crafted sequence of TLS packets because the need_bytes value is mismanaged.

Affected (1)

Products: Axtls Project: Axtls

Axtls Project

1 product

Axtls

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Axtls Project Axtls	Before 2.1.5

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (6)

http://axtls.sourceforge.net

Source: cve@mitre.org

ProductThird Party Advisory

https://www.telekom.com/en/corporate-responsibility/data-protection-data-security/security/details/advisories-504842

Source: cve@mitre.org

PatchThird Party Advisory

https://www.telekom.com/resource/blob/566546/276aaa2eab781729f2544d62edecf002/dl-190322-remote-buffer-overflow-in-a-axtls-data.pdf

Source: cve@mitre.org

ExploitPatchThird Party Advisory

http://axtls.sourceforge.net

Source: af854a3a-2127-422b-91ae-364da2661108

ProductThird Party Advisory

https://www.telekom.com/en/corporate-responsibility/data-protection-data-security/security/details/advisories-504842

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.telekom.com/resource/blob/566546/276aaa2eab781729f2544d62edecf002/dl-190322-remote-buffer-overflow-in-a-axtls-data.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

Timeline

No history available yet.