CVE-2020-5806

An attacker-controlled memory allocation size can be passed to the C++ new operator in the CServerManager::HandleBrowseLoadIconStreamRequest in messaging.dll. This can be done by sending a specially crafted message to 127.0.0.1:7153. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected.
References
Link Resource
https://www.tenable.com/security/research/tra-2020-71 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:rockwellautomation:factorytalk_linx:*:*:*:*:*:*:*:*

Information

Published : 2020-12-29 04:15

Updated : 2020-12-30 06:45


NVD link : CVE-2020-5806

Mitre link : CVE-2020-5806

Products Affected
No products.
CWE