CVE-2004-0699 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Checkpoint Firewall-1

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

19.8%

top 4.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Checkpoint Firewall-1

Timeline

PublishedSep 28

Latest updateApr 29

Description

Heap-based buffer overflow in ASN.1 decoding library in Check Point VPN-1 products, when Aggressive Mode IKE is implemented, allows remote attackers to execute arbitrary code by initiating an IKE negotiation and then sending an IKE packet with malformed ASN.1 data.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDcheckpoint/firewall-14.1

Patches

Patch: www.checkpoint.com ↗Patch: xforce.iss.net ↗Patch: www.checkpoint.com ↗

🔴Vulnerability Details

GHSA

GHSA-ww4h-ghgr-92pr: Heap-based buffer overflow in ASN↗2022-04-29

▶

CVEList

CVE-2004-0699: Heap-based buffer overflow in ASN↗2004-09-14

▶