CVE-2022-40988

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'ipv6 static dns WORD WORD WORD' command template.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*
cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*

Information

Published : 2023-01-26 14:15

Updated : 2023-02-02 10:18


NVD link : CVE-2022-40988

Mitre link : CVE-2022-40988


JSON object : View

CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Advertisement

dedicated server usa

Products Affected

siretta

  • quartz-gold_firmware
  • quartz-gold