CVE-2021-34583
CODESYS V2 web server: crafted requests could trigger a heap-based buffer overflow (DoS)
In short
The CODESYS V2 web server has a flaw where specially crafted web requests can cause it to crash due to a memory overflow, making the server unavailable to legitimate users.
Technical detail
A heap-based buffer overflow vulnerability in CODESYS V2 web server (versions before V1.1.9.22) can be triggered via specially crafted HTTP requests, resulting in a denial-of-service condition through application crash. The vulnerability requires network access to the web server but no authentication or special conditions.
Summary generated and translated by AI from the official description.
Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of-service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
CODESYS · CODESYS V2