Egebalci

Name of the Vulnerable Software and Affected Versions: SyncBreeze Enterprise version 10.6.24 Description: An issue was discovered in the web server of SyncBreeze Enterprise, where a user mode write access violation can occur on the syncbrs.exe memory region. This can be triggered by rapidly sending a variety of HTTP requests with long HTTP header values or long URIs. Recommendations: For SyncBreeze Enterprise version 10.6.24, consider restricting access to the web server or limiting the length of HTTP header values and URIs to minimize the risk of exploitation. As a temporary workaround, restrict the use of the syncbrs.exe memory region until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.