CVE-2007-5658 — Improper Input Validation in Rtworks

CWE-20 — Improper Input Validation3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

15.9%

top 5.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Rtworks Tibco Smartsockets Rtserver Tibco Enterprise Message Service

Timeline

PublishedJan 16

Latest updateMay 1

Description

Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger the overflow.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDtibco/enterprise_message_service6 versions+5

▶NVDtibco/smartsockets_rtserver6.8.0

▶NVDtibco/rtworks4.0.3

🔴Vulnerability Details

GHSA

GHSA-qjw3-ggxq-6875: Heap-based buffer overflow in TIBCO SmartSockets RTserver 6↗2022-05-01

▶

CVEList

CVE-2007-5658: Heap-based buffer overflow in TIBCO SmartSockets RTserver 6↗2008-01-16

▶