CVEbaza.plSłownik CWECWE-1282
Common Weakness Enumeration

CWE-1282

Assumed-Immutable Data is Stored in Writable Memory

Kategoria: BaseCVE: 8
Opis

Dane niezmienne, takie jak bootloader pierwszego etapu, identyfikatory urządzenia i ustawienia konfiguracyjne "write-once" są przechowywane w pamięci zapisywalnej, którą można przeprogramować lub zaktualizować w terenie. Stanowi to zagrożenie bezpieczeństwa, umożliwiając nieautoryzowaną modyfikację krytycznych komponentów systemu.

Description (EN)

Immutable data, such as a first-stage bootloader, device identifiers, and "write-once" configuration settings are stored in writable memory that can be re-programmed or updated in the field.

Podatności CVE z CWE-1282 (8)
8.7
CVSS
HIGH
CVE-2019-25358

FileOptimizer 14.00.2524 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the FileOptimizer32.ini configuration file. Attackers can overwrite the TempDirectory parameter with a 5000-character buffer to cause the application to crash when opening options.

pub. 2026-02-18
8.4
CVSS
HIGH
CVE-2022-2483

The bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) loads public keys for firmware verification signature. If an attacker modifies the flash contents to corrupt the keys, secure boot could be permanently disabled on a given device.

pub. 2023-01-06
6.9
CVSS
MEDIUM
CVE-2019-25583

RarmaRadio 2.72.3 contains a denial of service vulnerability in the Username field that allows local attackers to crash the application by submitting excessively long input. Attackers can paste a buffer of 5000 bytes into the Username field via Settings > Network to trigger an application crash.

pub. 2026-03-22
6.9
CVSS
MEDIUM
CVE-2019-25587

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting and paste a buffer of 500 bytes or more to trigger an application crash when saving the configuration.

pub. 2026-03-22
6.9
CVSS
MEDIUM
CVE-2019-25588

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a buffer of 700 bytes to trigger a crash when the Test function is invoked.

pub. 2026-03-22
6.9
CVSS
MEDIUM
CVE-2019-25590

Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characters into the log file name parameter, and trigger a crash when establishing a telnet connection.

pub. 2026-03-22
6.9
CVSS
MEDIUM
CVE-2019-25551

Sandboxie 5.30 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Program Alerts configuration field. Attackers can paste a buffer of 5000 characters into the 'Select or enter a program' field during program alert configuration to trigger an application crash.

pub. 2026-03-21
6.8
CVSS
MEDIUM
CVE-2018-25229

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the SMTP configuration interface that allows local attackers to crash the application by supplying an oversized string. Attackers can input a buffer of 257 'A' characters in the SMTP Server field and trigger a crash by clicking the Test button.

pub. 2026-03-30
Informacje
ID: CWE-1282
Typ: Base
Podatności: 8
MITRE CWE ↗
← Słownik CWE