CVE-2005-3653

CWE-119 — Buffer Overflow3 documents3 sources

Severity

10.0CRITICAL

EPSS

30.4%

top 3.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Itechnology Igateway Broadcom Brightstor Arcserve Backup Broadcom Brightstor Arcserve Backup Laptops Desktops +31 more

Timeline

PublishedDec 31

Latest updateMay 1

Description

Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages34 packages

▶NVDbroadcom/itechnology_igateway4.0.050615

▶NVDbroadcom/unicenter_service_desk11.0

▶NVDca/etrust_secure_content_manager8.0

▶NVDca/unicenter_service_fulfillment11.0

▶NVDbroadcom/unicenter_service_delivery11.0

Patches

Patch: secunia.com ↗Patch: securitytracker.com ↗Patch: supportconnectw.ca.com ↗

🔴Vulnerability Details

GHSA

GHSA-pqwm-v5fq-x4gm: Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4↗2022-05-01

▶

CVEList

CVE-2005-3653: Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4↗2006-01-23

▶