V8 File Parsing Stack-Based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-11802

7.8HIGH

Key Information:

Vendor: Fuji Electric
Status: Tellus Lite
Vendor: CVE Published:; 28 November 2024

🔔 Create Fuji Electric Vulnerability Alert

What is CVE-2024-11802?

The vulnerability within Fuji Electric's Tellus Lite V-Simulator 5 arises from improper validation during the parsing of V8 files. This flaw enables remote attackers to exploit the application by compelling users to engage with malicious files or links. As a result, the lack of adequate checks on user-supplied data length can lead to a stack-based buffer overflow, allowing for the execution of arbitrary code within the context of the current process. It emphasizes the necessity of robust file parsing and validation mechanisms to protect against such security threats.

Affected Version(s)

Tellus Lite 4.0.20.0

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1628/

x_research-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 28, 2024

JSON