CVE-2009-20005

Awaiting Analysis
Published: 16 Sept 2025, 15:15
Last modified: 17 Sept 2025, 14:18

Vulnerability Summary

Overall Risk: High Risk (60/100)
CVSS Score: 9.3 CRITICAL (v4.0)
EPSS Score: 66.39% CRITICAL (98%ile 0.00%)
CISA KEV: Not listed
Ransomware: No reports
Exploits: 1 found
Dark Web: Not detected

A stack-based buffer overflow exists in the UtilConfigHome.csp endpoint of InterSystems Caché 2009.1. The vulnerability is triggered by sending a specially crafted HTTP GET request containing an oversized argument to the .csp handler. Due to insufficient bounds checking, the input overflows a stack buffer, allowing an attacker to overwrite control structures and execute arbitrary code. It is unknown if this vulnerability was patched and an affected version range remains undefined.
Source Identifier: disclosure@vulncheck.com

CVSS | Source | Severity | Exploitability | Impact | Vector
v4.0 | disclosure@vulncheck.com | 9.3 CRITICAL | NA | NA | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/V...
v3.1 | n/a
v3.0 | n/a
v2.0 | n/a

Stack-based Buffer Overflow CWE-121
Description: A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Not listed in CISA Known Exploited Vulnerabilities catalog.

No dark web activity detected for this vulnerability.

metasploit
Windows
exploit, Verified
Author: MC <mc@metasploit.com>
Published: 29 Sept 2009, 00:00
Updated: 06 Oct 2025, 17:15
This module exploits a stack buffer overflow in InterSystems Cache 2009.1. By sending a specially crafted GET request, an attacker may be able to execute arbitrary code.
CVE-2009-20005, OSVDB-60549, BID-37177

No affected systems information available.
