CVE-2020-16101

Summary

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier.

Affected Software

VendorProductVersion RangeStatus
GallagherCommand Centreunspecified <= 7.90affected
GallagherCommand Centre8.20 < 8.20.1166 (MR3)affected
GallagherCommand Centre8.10 < 8.10.1211 (MR5)affected
GallagherCommand Centre8.00 < 8.00.1228 (MR6)affected

Weaknesses

  • CWE-805: CWE-805 Buffer Access with Incorrect Length Value

ADP Enrichment

CVE Program Container

Additional References

References