WS-2014-0065
Published:May 15, 2026
Updated:May 15, 2026
JNA prior to 5.0.0 was discovered to contain an out-of-bounds read. Advapi32Util.registryGetValues does not terminate the returned string with null terminators. When it tries to identify the string content it searches for the next null-terminator and will read out-of-bounds of the buffer.
Affected Packages
cromwell (CONDA):
Affected version(s) =0.32 <0.32aFix Suggestion:
Update to version 0.32asirius-csifingerid (CONDA):
Affected version(s) =4.0.1 <4.9.3Fix Suggestion:
Update to version 4.9.3womtool (CONDA):
Affected version(s) >=36 <50Fix Suggestion:
Update to version 50cromwell (CONDA):
Affected version(s) >=0.34 <40Fix Suggestion:
Update to version 40existdb (CONDA):
Affected version(s) >=4.3.1 <=4.7.1Fix Suggestion:
Update to version no_fixwomtool (CONDA):
Affected version(s) =52 <53Fix Suggestion:
Update to version 53flyway.commandline.jre (NUGET):
Affected version(s) >=7.15.0 <10.9.1Fix Suggestion:
Update to version 10.9.1flyway.commandline (NUGET):
Affected version(s) >=6.0.4 <10.9.1Fix Suggestion:
Update to version 10.9.1micro-manager.net (NUGET):
Affected version(s) =2.0.3.3Fix Suggestion:
Update to version no_fixgomoob/php-embedded-mongo (PHP):
Affected version(s) >=0.0.1-alpha1 <=0.0.1-alpha2Fix Suggestion:
Update to version no_fixRelated Resources (1)
Do you need more information?
Contact UsCVSS v4
Base Score:
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH