CVE-2017-17996

Name of the Vulnerable Software and Affected Versions: SyncBreeze Enterprise versions prior to 10.3.14

Description: A buffer overflow issue exists in the Add command functionality. This can be triggered by an authenticated attacker submitting a command name with more than 5000 characters, potentially causing the SyncBreeze Enterprise server to terminate and possibly allowing remote command execution with SYSTEM privilege.

Recommendations: For versions prior to 10.3.14, update to a version that contains a fix for this issue to prevent potential remote command execution. As a temporary workaround, consider restricting the length of command names submitted to the Add command functionality to prevent buffer overflow.