Main Vulnerability Database Vulnerabilities #VU35852

Input validation error in 010 Editor - CVE-2019-12555

Published: June 5, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35852

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-12555

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: SweetScape Software Inc.

Affected software:
010 Editor

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the SubStr function (provided by the scripting engine) allows an attacker to cause a denial of service by crashing the application.

How to mitigate CVE-2019-12555

Install update from vendor's website.

Sources

https://github.com/ereisr00/bagofbugz/blob/master/010Editor/SubStr.bt
https://www.sweetscape.com/010editor/release_notes.html

Input validation error in 010 Editor - CVE-2019-12555

Detailed vulnerability description

How to mitigate CVE-2019-12555

Sources

Please verify you're human