CVE-2007-4347

CWE-1894 documents4 sources
Severity
7.8HIGH
EPSS
1.3%
top 19.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Symantec Backupexec System Recovery
Timeline
PublishedNov 29
Latest updateMay 1

Description

Multiple integer overflows in the Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allow remote attackers to cause a denial of service (CPU and memory consumption) via a crafted packet to port 5633/tcp, which triggers an infinite loop.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

NVDsymantec/backupexec_system_recovery11.0.6235, 11.0.7170+1

Patches

Patch: secunia.comPatch: securityresponse.symantec.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-v3v8-gxq3-gm5c: Multiple integer overflows in the Job Engine (bengine2022-05-01
CVEList
CVE-2007-4347: Multiple integer overflows in the Job Engine (bengine2007-11-29

💥Exploits & PoCs

1
Exploit-DB
pNews 2.03 - 'newsid' SQL Injection2008-09-12
CVE-2007-4347 (HIGH CVSS 7.8) | Multiple integer overflows in the J | cvebase.io