Wind River VxWorks vulnerabilities
38 known vulnerabilities affecting windriver/vxworks.
Total CVEs: 38
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 12, HIGH 18, MEDIUM 8
Vulnerabilities
Page 1 of 2
CVE-2023-51787 | HIGH | CVSS 7.5 | CWE-200 | v7 | 2024-02-15
An issue was discovered in Wind River VxWorks 7 22.09 and 23.03. If a VxWorks task or POSIX thread that uses OpenSSL exits, limited per-task memory is not freed, resulting in a memory leak.
nvd
CVE-2023-38346 | HIGH | CVSS 8.8 | CWE-22 | v6.9, v7.0 | 2023-09-22
An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading slashes from absolute paths or stop processing when e
nvd
CVE-2022-38767 | HIGH | CVSS 7.5 | ≥ 6.9, < 6.9.4.12; v6.9.4.12; +1 more | 2022-11-25
An issue was discovered in Wind River VxWorks 6.9 and 7, in which a specifically crafted packet sent by a Radius server may cause Denial of Service during the IP Radius access procedure.
nvd
CVE-2022-23937 | HIGH | CVSS 7.5 | CWE-125 | v6.9, v7.0 | 2022-03-29
In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to an out-of-bounds read during an IKE initial exchange scenario.
nvd
CVE-2021-43268 | MEDIUM | CVSS 6.5 | CWE-415 | ≥ 6.9, ≤ 7.0 | 2021-11-24
An issue was discovered in VxWorks 6.9 through 7. In the IKE component, a specifically crafted packet may lead to reading beyond the end of a buffer, or a double free.
nvd
CVE-2020-35198 | CRITICAL | CVSS 9.8 | CWE-190 | ≥ 6.9, < 6.9.4.12; ≥ 7.0, < 21.03; +1 more | 2021-05-12
An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
nvd
CVE-2021-29998 | CRITICAL | CVSS 9.8 | CWE-787 | fixed in 6.5 | 2021-04-13
An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client.
nvd
CVE-2021-29999 | CRITICAL | CVSS 9.8 | CWE-787 | ≤ 6.8 | 2021-04-13
An issue was discovered in Wind River VxWorks through 6.8. There is a possible stack overflow in dhcp server.
nvd
CVE-2021-29997 | MEDIUM | CVSS 5.3 | CWE-125 | ≥ 7.0, < 21.03 | 2021-04-13
An issue was discovered in Wind River VxWorks 7 before 21.03. A specially crafted packet may lead to buffer over-read on IKE.
nvd
CVE-2016-20009 | CRITICAL | CVSS 9.8 | CWE-787 | ≥ 6.5, ≤ 7.0 | 2021-03-11
A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
nvd
CVE-2020-28895 | HIGH | CVSS 7.3 | CWE-190 | ≥ 6.9, < 6.9.4.12; v6.9.4.12 | 2021-02-03
In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
nvd
CVE-2020-11440 | HIGH | CVSS 7.5 | ≥ 5.5, < 7.0; v7.0 | 2020-07-23
httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root.
nvd
CVE-2020-10664 | HIGH | CVSS 7.5 | CWE-476 | v6.8.3 | 2020-04-27
The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 has a NULL Pointer Dereference.
nvd
CVE-2019-12262 | CRITICAL | CVSS 9.8 | v6.6, v6.7, +3 more | 2019-08-14
Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw).
nvd
CVE-2019-12255 | CRITICAL | CVSS 9.8 | CWE-120 | PoC | ≥ 6.5, < 6.9.4 | 2019-08-09
Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow.
nvd
CVE-2019-12256 | CRITICAL | CVSS 9.8 | CWE-120 | ≥ 6.5, < 6.9.4.12 | 2019-08-09
Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options.
nvd
CVE-2019-12261 | CRITICAL | CVSS 9.8 | CWE-120 | ≥ 6.5, < 6.9.4.12; v7.0 | 2019-08-09
Wind River VxWorks 6.7 through 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host.
nvd
CVE-2019-12260 | CRITICAL | CVSS 9.8 | CWE-120 | ≥ 6.5, < 6.9.4.12; v7.0 | 2019-08-09
Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option.
nvd
CVE-2019-12257 | HIGH | CVSS 8.8 | CWE-120 | ≥ 6.5, < 6.9.4 | 2019-08-09
Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc.
nvd
CVE-2019-12263 | HIGH | CVSS 8.1 | CWE-362 | ≥ 6.5, < 6.9.4.12; v7.0 | 2019-08-09
Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition.
nvd