< ciso
brief />
Tag Banner

All news with #integer overflow tag

4 articles

Critical libssh2 Integer Overflow POC Released

🛡️ A public proof-of-concept is available for CVE-2026-55200, a critical libssh2 flaw that allows a malicious SSH server to trigger memory corruption on connecting clients, potentially enabling code execution without credentials or user interaction. The bug affects all releases up to 1.11.1 and scores 9.2 (CVSS 4.0). It stems from an unbounded packet_length parsed during the SSH handshake, producing a 32-bit wrap and an out-of-bounds heap write. A patch was merged on June 12 and the CVE published June 17; distributions are backporting fixes while a tagged release is prepared.
read more →

Mitsubishi MELSEC iQ-F EtherNet/IP DoS Fix

🔒 An integer overflow in the EtherNet/IP function of Mitsubishi Electric MELSEC iQ-F Series FX5-EIP modules can be exploited remotely to cause a denial-of-service by rapidly opening many TCP connections, leading to improper memory access. A vendor update (version 1.001 or later) is available from Mitsubishi Electric to remediate the issue. Until patched, the vendor recommends network restrictions such as firewalls, VPNs, IP filtering, LAN-only operation, and limiting physical and host access to reduce exposure.
read more →

Dover ProGauge MagLink LX Vulnerabilities and Fixes

⚠️ Dover Fueling Solutions disclosed critical vulnerabilities in its ProGauge MagLink LX4, LX4 Plus, and LX4 Ultimate tank monitors that may be exploited remotely. Identified issues include an integer overflow (CVE-2025-55068), a hard-coded cryptographic signing key (CVE-2025-54807), and non‑changeable weak default root credentials (CVE-2025-30519), with ratings up to CVSS v4 9.3. Affected firmware must be updated to 4.20.3 for LX4/LX4 Plus or 5.20.3 for LX4 Ultimate; operators are urged to minimize network exposure and place devices behind firewalls.
read more →

Siemens Integer Overflow Vulnerabilities in Industrial Devices

🔔 Siemens ProductCERT and CISA report multiple integer overflow vulnerabilities (CVE-2021-41990, CVE-2021-41991) affecting a broad set of SIMATIC NET CP, SINEMA and SCALANCE devices. Exploitation can cause denial-of-service by triggering integer wraparound; remote code execution is considered unlikely. Siemens provides firmware fixes and workarounds; operators should apply vendor updates, restrict network exposure and follow Siemens operational security guidance.
read more →