CVE-2006-5172

3 documents3 sources

Severity

10.0CRITICAL

EPSS

23.5%

top 4.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Brightstor Arcserve Backup Broadcom Brightstor Enterprise Backup CA Protection Suites

Timeline

PublishedJan 16

Latest updateMay 1

Description

Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe String Handling Overflow," a different vulnerability than CVE-2006-5171.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDbroadcom/brightstor_arcserve_backup11.5+1

▶NVDbroadcom/brightstor_enterprise_backup10.5

▶NVDca/protection_suitesr2

🔴Vulnerability Details

GHSA

GHSA-j994-cw63-pgjf: Stack-based buffer overflow in the RPC interface in Mediasvr↗2022-05-01

▶

CVEList

CVE-2006-5172: Stack-based buffer overflow in the RPC interface in Mediasvr↗2007-01-16

▶