Unexpected Sign Extension

CVE-2022-32138

High

8.8/10

Summary

In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or memory overwrite.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-194 - Unexpected Sign Extension

The software performs an operation on a number that causes it to be sign extended when it is transformed into a larger data type. When the original number is negative, this can produce unexpected values that lead to resultant weaknesses.

References

Advisory Timeline

Published Jun 24, 2022

Unexpected Sign Extension

CVE-2022-32138

Summary

CWE-194 - Unexpected Sign Extension

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS