THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE
PUBLISHED

CVE-2023-41185

Unified Automation UaGateway Certificate Parsing Integer Overflow Denial-of-Service Vulnerability

Assignerzdi
Reserved2023-08-24
Published2024-05-03
Updated2024-07-10

Description

Unified Automation UaGateway Certificate Parsing Integer Overflow Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of client certificates. When parsing the certificate length field, the process does not properly validate user-supplied data, which can result in an integer overflow. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20353.



HIGH: 8.6CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Problem types

CWE-190: Integer Overflow or Wraparound

Product status

Default status
unknown

1.5.12
affected

References

https://www.zerodayinitiative.com/advisories/ZDI-23-1286/ (ZDI-23-1286)

cve.org CVE-2023-41185

nvd.nist.gov CVE-2023-41185

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2023-41185
© Copyright 2024 THREATINT. Made in Cyprus with +