CVE-2008-1704 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Enterprise Message Service

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

12.6%

top 6.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Enterprise Message Service Tibco Iprocess Engine

Timeline

PublishedApr 11

Latest updateMay 1

Description

Multiple buffer overflows in TIBCO Software Enterprise Message Service (EMS) before 4.4.3, and iProcess Engine 10.6.0 through 10.6.1, allow remote attackers to execute arbitrary code via a crafted message to the EMS server.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDtibco/enterprise_message_service4.4.2+6

▶NVDtibco/iprocess_engine10.6.0, 10.6.1+1

🔴Vulnerability Details

GHSA

GHSA-mpvx-j3m8-j2hq: Multiple buffer overflows in TIBCO Software Enterprise Message Service (EMS) before 4↗2022-05-01

▶

CVEList

CVE-2008-1704: Multiple buffer overflows in TIBCO Software Enterprise Message Service (EMS) before 4↗2008-04-11

▶