Main Vulnerability Database Vulnerabilities #VU35851

Input validation error in 010 Editor - CVE-2019-12554

Published: June 5, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35851

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-12554

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: SweetScape Software Inc.

Affected software:
010 Editor

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the WSubStr function (provided by the scripting engine) allows an attacker to cause a denial of service by crashing the application.

How to mitigate CVE-2019-12554

Install update from vendor's website.

Sources

https://github.com/ereisr00/bagofbugz/blob/master/010Editor/WSubStr.bt
https://www.sweetscape.com/010editor/release_notes.html

Input validation error in 010 Editor - CVE-2019-12554

Detailed vulnerability description

How to mitigate CVE-2019-12554

Sources

Please verify you're human