CVE-2005-3658 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Legato Networker

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

7.5HIGHNVD

EPSS

5.7%

top 9.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

EMC Legato Networker

Timeline

PublishedDec 31

Latest updateMay 3

Description

Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allow remote attackers to execute arbitrary code or cause a denial of service (unresponsive application) via malformed RPC packets to (1) RPC program number 390109 (nsrd.exe) and (2) RPC program number 390113 (nsrexecd.exe).

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDemc/legato_networker6 versions+5

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-9cgq-cjm7-94qp: Multiple heap-based buffer overflows in EMC Legato NetWorker 7↗2022-05-03

▶

CVEList

CVE-2005-3658: Multiple heap-based buffer overflows in EMC Legato NetWorker 7↗2006-01-18

▶