CVE-2009-1291 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Enterprise Message Service

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

31.1%

top 3.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Enterprise Message Service Tibco Smartsockets Rtserver Tibco Rtworks +1 more

Timeline

PublishedApr 30

Latest updateMay 2

Description

Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterprise Message Service (EMS) 4.0.0 through 5.1.1, as used in SmartSockets Server and RTworks Server (aka RTserver), SmartSockets client libraries and add-on products, RTworks libraries and components, EMS Server (aka tibemsd), SmartMQ, iProcess Engine, ActiveMatrix products, and CA Enterprise Communicator, allows remote attackers to execute arbitrary code via "inbound d…

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

▶NVDtibco/smartsockets_rtserver6.8.1+1

▶NVDtibco/enterprise_message_service5.1.1+6

▶NVDtibco/smartsockets6.8.0, 6.8.1+1

▶NVDtibco/rtworks4.0.3, 4.0.4+1

Patches

Patch: www.tibco.com ↗Patch: www.tibco.com ↗

🔴Vulnerability Details

GHSA

GHSA-fq52-j5vg-rwj5: Stack-based buffer overflow in TIBCO SmartSockets before 6↗2022-05-02

▶

CVEList

CVE-2009-1291: Stack-based buffer overflow in TIBCO SmartSockets before 6↗2009-04-30

▶