Show filters
38 Total Results
Displaying 1-10 of 38
Sort by:
Attacker Value
Moderate
CVE-2019-12256 - VxWorks IPv4 Options Buffer Overflow
Disclosure Date: August 09, 2019 (last updated December 06, 2023)
Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options.
0
Attacker Value
Unknown
CVE-2023-38346
Disclosure Date: September 22, 2023 (last updated October 08, 2023)
An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading slashes from absolute paths or stop processing when encountering relative paths that are outside of the extraction path, unless otherwise forced. This could lead to unexpected and undocumented behavior, which in general could result in a directory traversal, and associated unexpected behavior.
0
Attacker Value
Unknown
CVE-2022-38767
Disclosure Date: November 25, 2022 (last updated October 08, 2023)
An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure.
0
Attacker Value
Unknown
CVE-2022-23937
Disclosure Date: March 29, 2022 (last updated October 07, 2023)
In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to an out-of-bounds read during an IKE initial exchange scenario.
0
Attacker Value
Unknown
CVE-2021-43268
Disclosure Date: November 24, 2021 (last updated October 07, 2023)
An issue was discovered in VxWorks 6.9 through 7. In the IKE component, a specifically crafted packet may lead to reading beyond the end of a buffer, or a double free.
0
Attacker Value
Unknown
CVE-2020-35198
Disclosure Date: May 12, 2021 (last updated November 28, 2024)
An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
0
Attacker Value
Unknown
CVE-2021-29998
Disclosure Date: April 13, 2021 (last updated November 28, 2024)
An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client.
0
Attacker Value
Unknown
CVE-2021-29999
Disclosure Date: April 13, 2021 (last updated November 28, 2024)
An issue was discovered in Wind River VxWorks through 6.8. There is a possible stack overflow in dhcp server.
0
Attacker Value
Unknown
CVE-2021-29997
Disclosure Date: April 13, 2021 (last updated November 28, 2024)
An issue was discovered in Wind River VxWorks 7 before 21.03. A specially crafted packet may lead to buffer over-read on IKE.
0
Attacker Value
Unknown
CVE-2016-20009
Disclosure Date: March 11, 2021 (last updated February 22, 2025)
A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
0
