CVE-2015-7599Integer Overflow or Wraparound in Vxworks

CWE-190Integer Overflow or Wraparound3 documents3 sources
Severity
8.1HIGHNVD
EPSS
8.2%
top 7.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Windriver Vxworks
Timeline
PublishedFeb 7
Latest updateMay 17

Description

Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a username and password.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages1 packages

NVDwindriver/vxworks6.9.4.1+5

🔴Vulnerability Details

2
GHSA
GHSA-p388-m7wm-qc9v: Integer overflow in the _authenticate function in svc_auth2022-05-17
CVEList
CVE-2015-7599: Integer overflow in the _authenticate function in svc_auth2017-02-07
CVE-2015-7599 — Integer Overflow or Wraparound | cvebase