#VU8482 Integer overflow in Adobe Commerce (formerly Magento Commerce)

Cybersecurity Help s.r.o.

Published: 2017-09-15

Vulnerability identifier: #VU8482

Vulnerability risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: N/A

CWE-ID: CWE-190

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Adobe Commerce (formerly Magento Commerce)
Web applications / E-Commerce systems

Vendor: Magento, Inc

Description
The vulnerability allows a remote authenticated attacker to cause DoS condition.

The vulnerability exists due to integer overflow. A remote attacker can modify the page counter when creating a new page and cause denial of service.

Mitigation
Update to version 2.0.16 or 2.1.9.

Vulnerable software versions

Adobe Commerce (formerly Magento Commerce): 2.0.0 - 2.0.15, 2.1.0 - 2.1.8

External links
https://magento.com/security/patches/magento-2016-and-219-security-update (APPSEC-1773: Injection on Page leading to DoS)

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Magento products