When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specially crafted RPC request can trigger an integer overflow leading to an out-of-bounds memory copy. It may allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code.
References
Link | Resource |
---|---|
https://www.windriver.com/feeds/wind_river_security_notices.xml | Vendor Advisory |
https://support2.windriver.com/index.php?page=security-notices | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2019-05-29 10:29
Updated : 2019-05-29 12:20
NVD link : CVE-2019-9865
Mitre link : CVE-2019-9865
JSON object : View
CWE
CWE-190
Integer Overflow or Wraparound
Products Affected
windriver
- vxworks