216.73.217.172

CVE-2009-20005

· Published 16/09/2025 15:15 · Modified 17/09/2025 14:18

Labels: CVE-2009-20005 2025-09-16CVE-2009-20005CWE-121[email protected]

Essential information

Published
16/09/2025 15:15
Modified
17/09/2025 14:18
Author
Creator
CVSS
9.3 CRITICAL (v3) 9.3 CRITICAL (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A stack-based buffer overflow exists in the UtilConfigHome.csp endpoint of InterSystems Caché 2009.1. The vulnerability is triggered by sending a specially crafted HTTP GET request containing an oversized argument to the .csp handler. Due to insufficient bounds checking, the input overflows a stack buffer, allowing an attacker to overwrite control structures and execute arbitrary code. It is unknown if this vulnerability was patched and an affected version range remains undefined.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
intersystems / caché cpe:2.3:a:intersystems:caché:2009.1:*:*:*:*:*:*:*

References