CVE-2014-2543 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Messaging Appliance

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

7.5HIGHNVD

EPSS

4.3%

top 11.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Messaging Appliance Tibco Rendezvous Tibco Substantiation ES

Timeline

PublishedApr 8

Latest updateMay 17

Description

Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to execute arbitrary code by leveraging access to a directly connected client and transmitting crafted data.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDtibco/rendezvous8.4.1+9

▶NVDtibco/messaging_appliance8.7.0

▶NVDtibco/substantiation_es2.8.0

🔴Vulnerability Details

GHSA

GHSA-q2vf-jgqw-hc46: Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemo↗2022-05-17

▶

CVEList

CVE-2014-2543: Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemo↗2014-04-08

▶