CVE-2007-5327

CWE-119 — Buffer Overflow3 documents3 sources

Severity

10.0CRITICAL

EPSS

32.1%

top 3.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Brightstor Arcserve Backup Broadcom Brightstor Enterprise Backup

Timeline

PublishedOct 13

Latest updateMay 1

Description

Stack-based buffer overflow in the RPC interface for the Message Engine (mediasvr.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a long argument in the 0x10d opnum.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDbroadcom/brightstor_arcserve_backup5 versions+4

▶NVDbroadcom/brightstor_enterprise_backup10.5

Patches

Patch: supportconnectw.ca.com ↗Patch: supportconnectw.ca.com ↗

🔴Vulnerability Details

GHSA

GHSA-g4v3-pwqw-vxwx: Stack-based buffer overflow in the RPC interface for the Message Engine (mediasvr↗2022-05-01

▶

CVEList

CVE-2007-5327: Stack-based buffer overflow in the RPC interface for the Message Engine (mediasvr↗2007-10-13

▶