critical
10
CWE
787 119
Advisory Published
Updated

CVE-2020-14268: Buffer Overflow

First published: Mon Dec 14 2020(Updated: )

A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the client or inject code into the system which would execute with the privileges of the client.

Credit: psirt@hcl.com

Affected SoftwareAffected VersionHow to fix
Hcltech Notes>=9.0<9.0.1
Hcltech Notes>=10.0<10.0.1
Hcltech Notes=9.0.1
Hcltech Notes=9.0.1-fp10
Hcltech Notes=9.0.1-fp10if1
Hcltech Notes=9.0.1-fp10if2
Hcltech Notes=9.0.1-fp10if3
Hcltech Notes=9.0.1-fp10if4
Hcltech Notes=9.0.1-fp10if5
Hcltech Notes=9.0.1-fp10if6
Hcltech Notes=9.0.1-fp10if7
Hcltech Notes=9.0.1-fp1if1
Hcltech Notes=9.0.1-fp1if2
Hcltech Notes=9.0.1-fp2if1
Hcltech Notes=9.0.1-fp2if2
Hcltech Notes=9.0.1-fp2if3
Hcltech Notes=9.0.1-fp2if4
Hcltech Notes=9.0.1-fp3if1
Hcltech Notes=9.0.1-fp3if2
Hcltech Notes=9.0.1-fp3if3
Hcltech Notes=9.0.1-fp3if4
Hcltech Notes=9.0.1-fp4if1
Hcltech Notes=9.0.1-fp4if2
Hcltech Notes=9.0.1-fp5if1
Hcltech Notes=9.0.1-fp5if2
Hcltech Notes=9.0.1-fp5if3
Hcltech Notes=9.0.1-fp7if1
Hcltech Notes=9.0.1-fp7if2
Hcltech Notes=9.0.1-fp8if1
Hcltech Notes=9.0.1-fp9if1
Hcltech Notes=9.0.1-fp9if2
Hcltech Notes=10.0.1
Hcltech Notes=10.0.1-fp1
Hcltech Notes=10.0.1-fp2
Hcltech Notes=10.0.1-fp3

Remedy

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085762

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2020-14268?

    CVE-2020-14268 is a vulnerability in the MIME message handling of the Notes client (versions 9 and 10) that could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow.

  • What is the severity of CVE-2020-14268?

    CVE-2020-14268 has a severity rating of 9.8 (Critical).

  • Which software versions are affected by CVE-2020-14268?

    CVE-2020-14268 affects Hcltech Notes versions 9.0 and 10.0, including various fix packs and interim fixes.

  • How can an attacker exploit CVE-2020-14268?

    An attacker can exploit CVE-2020-14268 by sending a specially crafted MIME message to the vulnerable Notes client, causing a stack buffer overflow and potentially allowing them to crash the client or inject malicious code.

  • Is there a fix available for CVE-2020-14268?

    Yes, Hcltech has provided a fix for CVE-2020-14268. Users should update to the latest version of Hcltech Notes or apply the recommended fix pack or interim fix.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203