CVE-2012-4357
published 2012-08-19CVE-2012-4357: Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 might allow remote attackers to execute arbitrary code…
PriorityP357critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
7.35%
93.6th percentile
Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 might allow remote attackers to execute arbitrary code by referencing, within a port-46824 TCP packet, an invalid file-pointer index that leads to execution of an EnterCriticalSection code block.
Affected
54 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sielcosistemi | winlog_lite | <= 2.07.16 | — |
| sielcosistemi | winlog_lite | — | — |
| sielcosistemi | winlog_lite | — | — |
| sielcosistemi | winlog_lite | — | — |
| sielcosistemi | winlog_lite | — | — |
| sielcosistemi | winlog_lite | — | — |
| sielcosistemi | winlog_lite | — | — |
| sielcosistemi | winlog_lite | — | — |
| sielcosistemi | winlog_lite | — | — |
| sielcosistemi | winlog_lite | — | — |
| sielcosistemi | winlog_lite | — | — |
| sielcosistemi | winlog_lite | — | — |
| sielcosistemi | winlog_lite | — | — |
| sielcosistemi | winlog_lite | — | — |
| sielcosistemi | winlog_lite | — | — |
| sielcosistemi | winlog_lite | — | — |
| sielcosistemi | winlog_lite | — | — |
| sielcosistemi | winlog_lite | — | — |
| sielcosistemi | winlog_lite | — | — |
| sielcosistemi | winlog_lite | — | — |
| sielcosistemi | winlog_lite | — | — |
| sielcosistemi | winlog_lite | — | — |
| sielcosistemi | winlog_lite | — | — |
| sielcosistemi | winlog_lite | — | — |
| sielcosistemi | winlog_lite | — | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-gmjm-f66f-wrq7: Array index error in Sielco Sistemi Winlog Pro SCADA before 2
ghsa_unreviewed·2022-05-17
CVE-2012-4357 [HIGH] CWE-20 GHSA-gmjm-f66f-wrq7: Array index error in Sielco Sistemi Winlog Pro SCADA before 2
Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 might allow remote attackers to execute arbitrary code by referencing, within a port-46824 TCP packet, an invalid file-pointer index that leads to execution of an EnterCriticalSection code block.
Red Hat
glibc: stack overflow in getaddrinfo()'s use of alloca()
vendor_redhat·2011-04-13·CVSS 7.5
CVE-2013-4357 [HIGH] CWE-121 glibc: stack overflow in getaddrinfo()'s use of alloca()
glibc: stack overflow in getaddrinfo()'s use of alloca()
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.
Statement: This issue has already been addressed in Red Hat Enterprise Linux 5 via http://rhn.redhat.com/errata/RHBA-2013-0022.html and in Red Hat Enterprise Linux 6 via http://rhn.redhat.com/errata/RHBA-2012-0763.html
Package: glibc (Red Hat Enterprise Linux 5) - Not affected
Package: glibc (Red Hat Enterprise Linux 6) - Not affected
Package: glibc (Red Hat Enterprise Linux 7) - Not affected
Red Hat
glibc: stack overflow in getaddrinfo()'s use of alloca()
vendor_redhat·2011-04-13·CVSS 7.5
CVE-2012-6686 [HIGH] CWE-121 glibc: stack overflow in getaddrinfo()'s use of alloca()
glibc: stack overflow in getaddrinfo()'s use of alloca()
[REJECTED CVE] This CVE has been rejected. This candidate is a duplicate of CVE-2013-4357. Note: All CVE users should reference CVE-2013-4357 instead of this candidate.
Statement: This issue has already been addressed in Red Hat Enterprise Linux 5 via http://rhn.redhat.com/errata/RHBA-2013-0022.html and in Red Hat Enterprise Linux 6 via http://rhn.redhat.com/errata/RHBA-2012-0763.html
Package: glibc (Red Hat Enterprise Linux 7) - Not affected
No detection rules found.
http://aluigi.org/adv/winlog_2-adv.txthttp://secunia.com/advisories/49395http://www.sielcosistemi.com/en/news/index.html?id=69http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdfhttp://aluigi.org/adv/winlog_2-adv.txthttp://secunia.com/advisories/49395http://www.sielcosistemi.com/en/news/index.html?id=69http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf
2012-08-19
Published