Buffer overflow in Novell File_reporter

CVE-2011-2220

Stack-based buffer overflow in NFREngine.exe in Novell File Reporter Engine before 1.0.2.53, as used in Novell File Reporter and other products, allows remote attackers to execute arbitrary code via a crafted RECORD element.

Vulnerability class: Buffer Overflow

EPSS: 0.289 (96.7th percentile) — read the EPSS interpretation.

Affected products

Novell File_reporter
Novell File_reporter_engine
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cve@mitre.org (x_refsource_CONFIRM)
8305 (x_refsource_SREASON, third-party-advisory)
45065 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
cve@mitre.org (x_refsource_MISC)
1025722 (vdb-entry, x_refsource_SECTRACK)
20110627 ZDI-11-227: Novell File Reporter Engine RECORD Tag Parsing Remote Code Execution Vulnerability (mailing-list, x_refsource_BUGTRAQ)