CVE-2009-1761 — Improper Input Validation in Arcserve Backup

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

2.2%

top 15.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

CA Arcserve Backup

Timeline

PublishedJun 16

Latest updateMay 2

Description

The message engine in CA ARCserve Backup r12.0 and r12.0 SP1 for Windows allows remote attackers to cause a denial of service (crash) via (1) an invalid 0x13 message, which is not properly handled in the ASCORE module, or (2) a 0x3B message with invalid stub data that triggers an RPC marshalling error.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDca/arcserve_backupr12.0

Patches

Patch: community.ca.com ↗Patch: support.ca.com ↗Patch: community.ca.com ↗

🔴Vulnerability Details

GHSA

GHSA-r6fx-fmr6-8qq5: The message engine in CA ARCserve Backup r12↗2022-05-02

▶

CVEList

CVE-2009-1761: The message engine in CA ARCserve Backup r12↗2009-06-16

▶