Unexpected Sign Extension
CVE-2021-38434
Summary
FATEK Automation WinProladder versions 3.30 and prior lack proper validation of user-supplied data when parsing project files, which could result in an unexpected sign extension. An attacker could leverage this vulnerability to execute arbitrary code.
- MEDIUM
- NETWORK
- NONE
- PARTIAL
- PARTIAL
- PARTIAL
CWE-194 - Unexpected Sign Extension
The software performs an operation on a number that causes it to be sign extended when it is transformed into a larger data type. When the original number is negative, this can produce unexpected values that lead to resultant weaknesses.
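The weakness described above, shown as an added example beside a hardened form. This is not code from the advisory or from WinProladder: the record layout (a 2-byte little-endian length followed by payload), the buffer capacity and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_CAP 64  /* assumed destination buffer capacity */

/* Constructed sample record: length field 0xFFF0, then 4 payload bytes. */
static const uint8_t sample_record[] = { 0xF0, 0xFF, 'A', 'B', 'C', 'D' };

/* Weak pattern: the length is held in a signed 16-bit type. 0xFFF0 reads
 * as -16, so the upper-bound check passes, and the conversion to size_t
 * sign-extends it. Returns the size a later copy would be asked to move. */
size_t length_signed(const uint8_t *rec)
{
    uint16_t raw = (uint16_t)(rec[0] | (rec[1] << 8));
    int16_t len;
    memcpy(&len, &raw, sizeof len);  /* reinterpret the bits as signed */
    if (len > BUF_CAP)               /* -16 > 64 is false: no rejection */
        return 0;
    return (size_t)len;              /* becomes SIZE_MAX - 15 */
}

/* Hardened pattern: keep the field unsigned and bound it against both the
 * destination capacity and the bytes actually present in the record.
 * Returns 0 and stores the length in *out, or -1 if the record is rejected. */
int length_checked(const uint8_t *rec, size_t rec_size, size_t *out)
{
    if (rec_size < 2)
        return -1;
    uint16_t len = (uint16_t)(rec[0] | (rec[1] << 8));
    if (len > BUF_CAP || (size_t)len > rec_size - 2)
        return -1;
    *out = len;
    return 0;
}

int main(void)
{
    size_t n = 0;
    printf("signed parse  : copy size = %zu\n", length_signed(sample_record));
    printf("checked parse : result = %d\n",
           length_checked(sample_record, sizeof sample_record, &n));
    return 0;
}
```

Compiling with `-Wconversion -Wsign-conversion` flags the signed-to-unsigned conversion in the weak function.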
References
Advisory Timeline
- Published