Vulnerabilities > CVE-2024-40722 - Out-of-bounds Write vulnerability in Changingtec TCB Servisign

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

LOW

network

low complexity

changingtec

CWE-787

NVD

Published: 2024-08-02

Updated: 2024-08-09

Summary

The specific API in TCBServiSign Windows Version from CHANGING Information Technology does does not properly validate the length of server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in the TCBServiSign, temporarily disrupting its service.

Vulnerable Configurations

Part	Description	Count
Application	Changingtec Changingtec TCB Servisign -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.twcert.org.tw/tw/cp-132-7967-9efdf-1.html
https://www.twcert.org.tw/en/cp-139-7973-e10c6-2.html