How severe is CVE-2020-27009?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2020-27009?

This is classified as CWE-823, which is a common weakness in software security.

CVE-2020-27009 - HIGH Severity | CVSS 8.1

Vulnerability Description

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition.

Related Vulnerabilities

CVE-2021-34595

HIGH

CVSS:8.1(High)

A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-serv...

CWE-8232021

CVE-2022-32142

HIGH

CVSS:8.1(High)

Multiple CODESYS Products are prone to a out-of bounds read or write access. A low privileged remote attacker may craft a request with invalid offset, which can cause an out-of-bounds read or write ac...

CWE-8232022

CVE-2025-0467

HIGH

CVSS:8.2(High)

Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.

CWE-8232025

CVE-2021-22549

HIGH

CVSS:7.8(High)

An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8...

CWE-8232021

CVE-2021-22550

HIGH

CVSS:7.8(High)

An attacker can modify the pointers in enclave memory to overwrite arbitrary memory addresses within the secure enclave. It is recommended to update past 0.6.3 or git commit https://github.com/google/...

CWE-8232021

CVE-2022-0729

HIGH

CVSS:7.8(High)

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.

CWE-8232022