Description
The affected product’s proprietary protocol CSC allows for calling numerous function codes. In order to call those function codes, the user must supply parameters. There is no sanitation on the value of the offset, which allows the client to specify any offset and read out-of-bounds data.
References (1)
Core 1
Core References
Patch, Third Party Advisory, US Government Resource x_refsource_confirm
https://us-cert.cisa.gov/ics/advisories/icsa-21-292-01
Scores
CVSS v3
4.8
EPSS
0.0017
EPSS Percentile
37.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-125
Status
published
Products (1)
auvesy/versiondog
< 8.0.0
Published
Oct 22, 2021
Tracked Since
Feb 18, 2026