WEKA INTEREST Security Scanner up to 1.8 Portscan memory allocation
A vulnerability has been found in WEKA INTEREST Security Scanner up to 1.8 and classified as problematic. It affects unknown code of the component Portscan. The manipulation leads to uncontrolled memory allocation. In CWE terms, the problem is declared as CWE-789. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

The bug was discovered on 07/30/2007. The weakness was shared on 06/05/2017 by Marc Ruef with scip AG as entry ID 101969 (VulDB). The advisory is available at vuldb.com. The vendor was not involved in the coordination of the public release. This vulnerability was named CVE-2017-20016. The attack can be initiated remotely. There are no technical details available.

Furthermore, there is an exploit available. The exploit has been disclosed to the public and may be used. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. The exploit is declared as proof-of-concept. It is possible to download the exploit at vuldb.com. The vulnerability was handled as a non-public zero-day exploit for at least 3598 days. As a 0-day, the estimated underground price was around $0-$5k.

A possible alternative is ATK - Attack Tool Kit. It is recommended to replace the affected component with an alternative. A possible mitigation was published before, not after, the disclosure of the vulnerability.