Buffer overflow in Sewio Real-time_location_system_studio

CVE-2022-41989

Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not validate the length of RTLS report payloads during communication. This allows an attacker to send an exceedingly long payload, resulti…

Vulnerability class: Buffer Overflow

EPSS: 0.008 (50.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.0 (Critical). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2022-41989?
CVE-2022-41989 is a critical-severity vulnerability in Sewio Real-time_location_system_studio, classified under Out-of-bounds Write. CVSS score: 9.0/10. Published 2023-01-18.
How severe is CVE-2022-41989?
Critical severity. CVSS v3 base score is 9.0 out of 10.