PT-2023-30103 · Weborf+1

Ltworf · Published 2023-10-25 · Updated 2024-10-11 · CVE-2023-46586

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Weborf versions 0.17 through 0.20
Itworf versions prior to #88

Description

The issue is a null-termination flaw in the cgi.c file of Weborf: the path for CGI scripts lacks '\0' termination due to the misuse of strncpy. This vulnerability could be exploited, posing a risk to users. Users are urged to update to the latest version to mitigate potential threats.

Recommendations

For Weborf versions 0.17 through 0.20, update to version 1.0 or later to resolve the issue. For Itworf versions prior to #88, update to the latest version to mitigate risks. As a temporary workaround, consider restricting access to CGI scripts until a patch is available.
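
The strncpy pitfall named in the description, shown beside a hardened copy routine. This is an added example, not Weborf's cgi.c; the buffer size, function names and sample path are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF 16  /* constructed size, small so the sample path does not fit */

/* Pattern from the description: strncpy() bounded by the full buffer size.
 * When strlen(src) >= size, strncpy writes no '\0' at all. */
static void copy_unterminated(char *dst, size_t size, const char *src)
{
    strncpy(dst, src, size);
}

/* Hardened form: reject a path that does not fit, always terminate dst.
 * Returns 0 on success, -1 if src (plus terminator) exceeds size. */
static int copy_path(char *dst, size_t size, const char *src)
{
    const char *end;

    if (size == 0)
        return -1;
    end = memchr(src, '\0', size);      /* bounded length check */
    if (end == NULL) {                  /* no room for the terminator */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Bounded check usable in a unit test: is there a '\0' inside buf? */
static int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

int main(void)
{
    const char *script = "/cgi-bin/long-script-name.cgi"; /* constructed input */
    char a[PATH_BUF], b[PATH_BUF];

    memset(a, 'X', sizeof a);           /* stand-in for stale stack contents */
    memset(b, 'X', sizeof b);
    copy_unterminated(a, sizeof a, script);
    printf("strncpy:   terminated=%d\n", is_terminated(a, sizeof a));
    printf("copy_path: rc=%d terminated=%d\n",
           copy_path(b, sizeof b, script), is_terminated(b, sizeof b));
    return 0;
}
```

Any later `strlen`, `strcat` or `exec`-style use of the unterminated buffer reads past its end, which is why the hardened routine fails closed instead of truncating silently.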

Fix

Buffer Overflow

Weakness Enumeration

Related identifiers

CVE-2023-46586

Affected products

Itworf
Weborf