CVE-2008-3338 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Hawk

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

5.4%

top 9.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Hawk Tibco Mainframe Service Tracker Tibco Runtime Agent +1 more

Timeline

PublishedAug 13

Latest updateMay 1

Description

Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute arbitrary code via a crafted message.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

▶NVDtibco/hawk4.8.0+3

▶NVDtibco/mainframe_service_tracker1.0

▶NVDtibco/runtime_agent5.5.4+2

▶NVDtibco/iprocess_engine14 versions+13

🔴Vulnerability Details

GHSA

GHSA-hj8g-jffw-r6xj: Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4↗2022-05-01

▶

CVEList

CVE-2008-3338: Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4↗2008-08-13

▶