Headline
CVE-2022-40984: Stack-based buffer overflow vulnerability in Yokogawa Test & Measurement WTViewerE
Stack-based buffer overflow in WTViewerE series WTViewerE 761941 from 1.31 to 1.61 and WTViewerEfree from 1.01 to 1.52 allows an attacker to cause the product to crash by processing a long file name.
Published: 2022/10/18
Last Updated: 2022/10/18
Overview
WTViewerE provided by Yokogawa Test & Measurement Corporation contains a stack-based buffer overflow vulnerability.
Products Affected
- WTViewerE 761941
  - from 1.31 to 1.61
- WTViewerEfree
  - from 1.01 to 1.52
For more information, refer to the information provided by the developer.
Description
WTViewerE provided by Yokogawa Test & Measurement Corporation contains a stack-based buffer overflow vulnerability (CWE-121).
Impact
Processing a long file name may cause the product to crash.
Solution
Update the software
Update the software to the latest version according to the information provided by the developer.
The developer has released the versions below that contain a fix for this vulnerability:
- WTViewerE 761941
  - 1.62
- WTViewerEfree
  - 1.53
Vulnerability Analysis by JPCERT/CC
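CVSS v3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
- Attack Vector (AV): Local (L). Options: Physical (P), Local (L), Adjacent (A), Network (N)
- Attack Complexity (AC): Low (L). Options: High (H), Low (L)
- Privileges Required (PR): None (N). Options: High (H), Low (L), None (N)
- User Interaction (UI): Required (R). Options: Required (R), None (N)
- Scope (S): Unchanged (U). Options: Unchanged (U), Changed (C)
- Confidentiality Impact (C): Low (L). Options: None (N), Low (L), High (H)
- Integrity Impact (I): Low (L). Options: None (N), Low (L), High (H)
- Availability Impact (A): Low (L). Options: None (N), Low (L), High (H)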
Comment
This analysis assumes that the user is led to input a long filename to the affected product.
Credit
Michael Heinzl reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
Other Information
- CVE: CVE-2022-40984