Vulnerability Description
A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Windriver | Vxworks | >= 6.5, <= 7.0 |
| Siemens | Sgt-100 Firmware | All versions |
| Siemens | Sgt-100 | - |
| Siemens | Sgt-200 Firmware | All versions |
| Siemens | Sgt-200 | - |
| Siemens | Sgt-300 Firmware | All versions |
| Siemens | Sgt-300 | - |
| Siemens | Sgt-400 Firmware | All versions |
| Siemens | Sgt-400 | - |
| Siemens | Sgt-A20 Firmware | All versions |
| Siemens | Sgt-A20 | - |
| Siemens | Sgt-A35 Firmware | All versions |
| Siemens | Sgt-A35 | - |
| Siemens | Sgt-A65 Firmware | All versions |
| Siemens | Sgt-A65 | - |
Related Weaknesses (CWE)
References
- https://blog.exodusintel.com/2016/08/09/vxworks-execute-my-packets/ExploitThird Party Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-553445.pdfThird Party Advisory
- https://blog.exodusintel.com/2016/08/09/vxworks-execute-my-packets/ExploitThird Party Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-553445.pdfThird Party Advisory
FAQ
What is CVE-2016-20009?
CVE-2016-20009 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
How severe is CVE-2016-20009?
CVE-2016-20009 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-20009?
Check the references section above for vendor advisories and patch information. Affected products include: Windriver Vxworks, Siemens Sgt-100 Firmware, Siemens Sgt-100, Siemens Sgt-200 Firmware, Siemens Sgt-200.