Heap Overflow Vulnerability in WibuKey Network Server by Wibu-Systems
CVE-2018-3991

10CRITICAL

Key Information:

Vendor

Wibu

Status
Wibukey
Vendor
CVE Published:
5 February 2019

What is CVE-2018-3991?

A significant heap overflow vulnerability exists in the WkbProgramLow function of the WibuKey Network server. This issue arises from the processing of specially crafted TCP packets that can overflow the heap memory, allowing an attacker to execute arbitrary code remotely. Successful exploitation of this vulnerability could compromise the security of the server, highlighting the importance of applying patches and mitigating risks associated with untrusted data.

References

http://www.securityfocus.com/bid/107005
vdb-entryx_refsource_BID
https://cert-portal.siemens.com/productcert/pdf/ssa-84456...
x_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-76012...
x_refsource_CONFIRM

EPSS Score

74% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.