Vulnerability in 3ssoftware Codesys

CVE-2011-5008

Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to execute arbitrary code via a large size value in the packet header, which triggers a heap-based buffer overflow.

EPSS: 0.093 (92.9th percentile) — read the EPSS interpretation.

Affected products

3ssoftware Codesys — versions 3.4
N/a — versions n/a

Weakness classification (CWE)

CWE-189

References

cve@mitre.org (US Government Resource, Exploit, x_refsource_MISC)
20111129 Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2 (mailing-list, x_refsource_BUGTRAQ)
47018 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
cve@mitre.org (x_refsource_MISC)
77386 (x_refsource_OSVDB, vdb-entry)
codesys-gatewayservice-bo(71531) (vdb-entry, x_refsource_XF)