Multiple Stack-Based Buffer Overflow Vulnerabilities in Delta PMSoft Versions 2.10 and Prior

Multiple Stack-Based Buffer Overflow Vulnerabilities in Delta PMSoft Versions 2.10 and Prior

CVE-2018-8839 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Delta PMSoft versions 2.10 and prior have multiple stack-based buffer overflow vulnerabilities where a .ppm file can introduce a value larger than is readable by PMSoft's fixed-length stack buffer. This can cause the buffer to be overwritten, which may allow arbitrary code execution or cause the application to crash. CVSS v3 base score: 7.1; CVSS vector string: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H. Delta Electronics recommends affected users update to at least PMSoft v2.11, which was made available as of March 22, 2018, or the latest available version.

Learn more about our User Device Pen Test.