CVE-2019-3729 — Stack-based Buffer Overflow in Dell RSA Bsafe MES

CWE-121 — Stack-based Buffer Overflow CWE-787 — Out-of-bounds Write CWE-20 — Improper Input Validation CWE-125 — Out-of-bounds Read26 documents6 sources

Severity

2.4LOWNVD

EPSS

0.1%

top 69.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell RSA Bsafe MES Dell Bsafe Micro-edition-suite

Timeline

PublishedSep 30

Latest updateMay 24

Description

RSA BSAFE Micro Edition Suite versions prior to 4.4 (in 4.0.x, 4.1.x, 4.2.x and 4.3.x) are vulnerable to a Heap-based Buffer Overflow vulnerability when parsing ECDSA signature. A malicious user with adjacent network access could potentially exploit this vulnerability to cause a crash in the library of the affected system.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:LExploitability: 0.9 | Impact: 1.4

Affected Packages2 packages

▶NVDdell/bsafe_micro-edition-suite4.0.0 — 4.0.13+1

▶CVEListV5dell/rsa_bsafe_mesunspecified — 4.4

🔴Vulnerability Details

GHSA

GHSA-ff5p-8cgp-p5jc: RSA BSAFE Micro Edition Suite versions prior to 4↗2022-05-24

▶

CVEList

CVE-2019-3729: RSA BSAFE Micro Edition Suite versions prior to 4↗2019-09-30

▶

💥Exploits & PoCs

Exploit-DB

Fastweb Fastgate 0.00.81 - Remote Code Execution↗2019-11-13

▶

📋Vendor Advisories

Red Hat

chromium-browser: parameter passing error in media player leading to unauthorized access↗2019-04-30

▶

Red Hat

sqlite: out-of-bounds access due to the use of 32-bit memory allocator interfaces↗2019-04-30

▶

Red Hat

chromium-browser: Use after free in Blink↗2019-04-23

▶

Red Hat

chromium-browser: Use after free in Blink↗2019-04-23

▶

Red Hat

chromium-browser: Heap buffer overflow in Angle on Windows↗2019-04-23

▶

💬Community

Bugzilla

CVE-2019-5826 chromium-browser: Use-after-free in IndexedDB↗2019-05-07

▶

Bugzilla

CVE-2019-5825 chromium-browser: Out-of-bounds write in V8↗2019-05-07

▶