Published:2012/01/11  Last Updated:2012/01/13

Wibu-Systems CodeMeter Runtime vulnerable to denial-of-service


CodeMeter Runtime provided by Wibu-Systems AG contains a denial-of-service vulnerability.

Products Affected

  • CodeMeter Runtime prior to v4.40


CodeMeter Runtime provided by Wibu-Systems AG contains an issue when processing TCP packets, which may lead to a denial-of-service (DoS).


A remote attacker may be able to cause a denial-of-service (DoS).


Update the software
Update to the latest version according to the information provided by the developer.

Vendor Status

Vendor Link
Wibu-Systems AG Support & Downloads - User Software


  1. US-CERT Vulnerability Note VU#659515
    Wibu-Systems CodeMeter remote denial of service vulnerability

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Analyzed on 2012.01.11

Measures Conditions Severity
Access Required can be attacked over the Internet using packets
  • High
Authentication anonymous or no authentication (IP addresses do not count)
  • High
User Interaction Required the vulnerability can be exploited without an honest user taking any action
  • High
Exploit Complexity expertise and/or luck required (guessing correctly in medium-sized space, kernel expertise)
  • Low-Mid

Description of each analysis measures


Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Reports
CERT Advisory
CPNI Advisory
CVE CVE-2011-4057
JVN iPedia JVNDB-2012-000003

Update History

Information under the section "References" was added.