Free of Pointer not at Start of Buffer

CVE-2024-31413

Medium

5.9/10

Summary

Free of pointer not at start of buffer vulnerability exists in CX-One CX-One CXONE-AL[][]D-V4 (The version which was installed with a DVD ver. 4.61.1 or lower, and was updated through CX-One V4 auto update in January 2024 or prior) and Sysmac Studio SYSMAC-SE2[][][] (The version which was installed with a DVD ver. 1.56 or lower, and was updated through Sysmac Studio V1 auto update in January 2024 or prior). Opening a specially crafted project file may lead to arbitrary code execution.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: LOW

CWE-761 - Free of Pointer not at Start of Buffer

The application calls free() on a pointer to a memory resource that was allocated on the heap, but the pointer is not at the start of the buffer.

References

Advisory Timeline

Published May 01, 2024

Free of Pointer not at Start of Buffer

CVE-2024-31413

Summary

CWE-761 - Free of Pointer not at Start of Buffer

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS