Integer Conversion Vulnerability in WellinTech KingHistorian Product
CVE-2022-43663
8.1 HIGH
Summary
An integer conversion vulnerability exists in the RecvPacket functionality of SORBAx64.dll in WellinTech's KingHistorian. An attacker can craft and send a malicious network packet to trigger it, potentially leading to a buffer overflow. If exploited, this vulnerability could compromise the integrity and availability of the affected product, so users should apply the necessary security measures and updates to mitigate the risk.
Affected Version(s)
KingHistorian 35.01.00.05
EPSS Score
18% chance of being exploited in the next 30 days.
CVSS V3.1
Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved