xArrow Multiple Denial of Service Vulnerabilities

Information

Severity

Critical

Family

Denial of Service

CVSSv2 Base

10.0

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution Type

Vendor Patch

Created

10 years ago

Modified

4 years ago

Summary

This host is running xArrow and is prone to multiple denial of service vulnerabilities.

Insight

- A NULL-pointer dereference error in SCADA.exe due to missing validation when allocating memory can be exploited to cause a crash via a specially crafted packet sent to TCP port 1975.
- An error in SCADA.exe when allocating memory to process certain packets can be exploited to cause limited memory corruption and crash the service via a specially crafted packet sent to TCP port 1975.
- An integer overflow error in SCADA.exe when processing certain packets can be exploited to cause a crash via a specially crafted datagram sent to UDP port 1974.
- An error in SCADA.exe when processing certain packets can be exploited to cause a crash via a specially crafted datagram sent to UDP port 1974.

Affected Software

xArrow versions before 3.4.1

Solution

Upgrade to xArrow version 3.4.1 or later.

Common Vulnerabilities and Exposures (CVE)