Unchecked Return Value

CVE-2021-34585

High

7.5/10

Summary

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-252 - Unchecked Return Value

The software does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

References

Advisory Timeline

Published Oct 26, 2021

Unchecked Return Value

CVE-2021-34585

Summary

CWE-252 - Unchecked Return Value

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS