CVE-2017-11498

Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of service) via a language pack (ZIP file) with invalid HTML files.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gemalto:sentinel_ldk_rte:2.10:*:*:*:*:*:*:*
cpe:2.3:a:gemalto:sentinel_ldk_rte:3.0:*:*:*:*:*:*:*
cpe:2.3:a:gemalto:sentinel_ldk_rte:7.1:*:*:*:*:*:*:*
cpe:2.3:a:gemalto:sentinel_ldk_rte:7.50:*:*:*:*:*:*:*

History

21 Nov 2024, 03:07

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/102739 - () http://www.securityfocus.com/bid/102739 -
References () http://www.securityfocus.com/bid/102906 - () http://www.securityfocus.com/bid/102906 -
References () https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf - () https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf -
References () https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-001-sentinel-ldk-rte-language-pack-with-invalid-html-files-leads-to-denial-of-service/ - Vendor Advisory () https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-001-sentinel-ldk-rte-language-pack-with-invalid-html-files-leads-to-denial-of-service/ - Vendor Advisory
References () https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01 - () https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01 -
References () https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01 - () https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01 -
References () https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx - Third Party Advisory () https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx - Third Party Advisory

Information

Published : 2017-10-03 01:29

Updated : 2024-11-21 03:07


NVD link : CVE-2017-11498

Mitre link : CVE-2017-11498

CVE.ORG link : CVE-2017-11498


JSON object : View

Products Affected

gemalto

  • sentinel_ldk_rte
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer