Headline
CVE-2022-47908: Multiple vulnerabilities in Fuji Electric V-Server
Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file.
Published:2022/12/28 Last Updated:2022/12/28
Overview
V-Server provided by FUJI ELECTRIC CO., LTD. contains multiple vulnerabilities.
Products Affected
- V-Server v4.0.12.0 and earlier
Description
V-Server provided by FUJI ELECTRIC CO., LTD. contains multiple vulnerabilities listed below.
- Stack-based Buffer ovewflow (CWE-121) - CVE-2022-47908
- Out-of-bounds Read (CWE-125) - CVE-2022-41645
- Out-of-bounds Write (CWE-787) - CVE-2022-47317
Impact
Exploiting these vulnerabilities by having a user to open a specially crafted project file may result in information disclosure and/or arbitrary code execution.
Solution
Update the software
Update the software to the latest version according to the information provided by the developer.
The developer released V-Server v4.0.15.0 that contains the fixes for these vulnerabilities (Improvement information 22C0S04).
Vendor Status
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Michael Heinzl reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
Other Information