CVE-2017-12820: Buffer Overflow
First published: Tue Oct 03 2017(Updated: )
Arbitrary memory read from controlled memory pointer in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service.
Credit: vulnerability@kaspersky.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Thales Sentinel LDK | <=7.50 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/102906
- https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf
- https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-006-sentinel-ldk-rte-arbitrary-memory-read-from-controlled-memory-pointer-leads-to-remote-denial-of-service/
- https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01
Frequently Asked Questions
What is the severity of CVE-2017-12820?
CVE-2017-12820 has been classified with a critical severity due to its potential to cause remote denial of service.
How do I fix CVE-2017-12820?
To fix CVE-2017-12820, upgrade to Sentinel LDK RTE version 7.55 or later.
What products are affected by CVE-2017-12820?
CVE-2017-12820 affects Gemalto's HASP SRM, Sentinel HASP, and Sentinel LDK products prior to version 7.55.
What vulnerability does CVE-2017-12820 exploit?
CVE-2017-12820 exploits an arbitrary memory read from a controlled memory pointer.
What type of attack can CVE-2017-12820 lead to?
CVE-2017-12820 can lead to a remote denial of service attack.
- agent/references
- agent/type
- agent/softwarecombine
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/sentinel
- canonical/thales sentinel ldk
- version/thales sentinel ldk/7.50