vendor:
uml_net
by:
ktha@hushmail.com
7.5
CVSS
HIGH
Integer Mismangement
190
CWE
Product Name: uml_net
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: RH 8.0
2003
UML_NET Integer Mismangement Vulnerability
Due to integer mismanagement while handling version information, it may be possible for an attacker to execute arbitrary code. Specifically, by supplying a negative value within the version information it is possible to bypass various calculations and cause an invalid indexing into an array of functions. As a result, it is possible for an attacker to execute a function in an attacker-controlled location of memory.
Mitigation:
Update to the latest version of uml_net.