TIBCO Rendezvous HTTP Interface Remote Buffer Overflow Vulnerability

TIBCO Rendezvous HTTP Interface Remote Buffer Overflow Vulnerability

TIBCO Rendezvous is prone to a remote buffer-overflow vulnerability. This issue is due to the application's failure to properly check boundaries of user-supplied command-line argument data before copying it to an insufficiently sized memory buffer.

Attackers may exploit this issue to execute arbitrary machine code in the context of the affected application, facilitating the remote compromise of affected computers. The affected component may be installed as a service with administrative privileges on Microsoft Windows computers.

TIBCO Hawk versions prior to 4.6.1, TIBCO Runtime Agent versions prior to 5.4, and TIBCO Rendezvous versions prior to 7.5.1 are vulnerable to this issue.