Flexense · Disksavvy · CVE-2017-13696
**Name of the Vulnerable Software and Affected Versions**
DiskPulse versions 9.9.16 and earlier
DiskSavvy versions 9.9.14 and earlier
DupScout versions 9.9.14 and earlier
SyncBreeze versions 9.9.16 and earlier
**Description**
The issue is a buffer overflow in the web server component of the affected software. A remote attacker can exploit it with a specially crafted HTTP GET request and gain access to the system with NT AUTHORITY\SYSTEM privileges. The root cause is improper handling and sanitization of incoming requests.
**Recommendations**
For DiskPulse version 9.9.16 and earlier, update to a version that fixes the buffer overflow vulnerability.
For DiskSavvy version 9.9.14 and earlier, update to a version that fixes the buffer overflow vulnerability.
For DupScout version 9.9.14 and earlier, update to a version that fixes the buffer overflow vulnerability.
For SyncBreeze version 9.9.16 and earlier, update to a version that fixes the buffer overflow vulnerability.
As a temporary workaround, consider restricting access to the web server component until a patch is available.
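To find which hosts the recommendations above apply to, the following added example (not part of the original advisory or any vendor tooling) triages a software inventory against the affected-version limits listed on this page. The inventory rows, host names, display names and status labels are constructed assumptions. Because the page does not state a fixed version, newer builds are reported only as not listed as affected.

```python
import re

# Highest affected version per product, taken from the advisory text above.
LAST_AFFECTED = {
    "diskpulse": (9, 9, 16),
    "disksavvy": (9, 9, 14),
    "dupscout": (9, 9, 14),
    "syncbreeze": (9, 9, 16),
}

def parse_version(text):
    """Return a tuple of ints for '9.9.16' or 'v9.9.16', or None if unparsable."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def product_key(name):
    """Map an installed-software display name to an advisory product key."""
    squashed = re.sub(r"[^a-z]", "", name.lower())  # drop spaces, digits, punctuation
    return next((k for k in LAST_AFFECTED if squashed.startswith(k)), None)

def classify(name, version):
    key = product_key(name)
    if key is None:
        return "not-in-advisory"
    ver = parse_version(version)
    if ver is None:
        return "review-manually"  # never assume an unreadable version is safe
    limit = LAST_AFFECTED[key]
    # Compare numerically, padded to equal length: as strings, "9.10.2" would
    # sort below "9.9.14" and be flagged incorrectly.
    width = max(len(ver), len(limit))
    ver += (0,) * (width - len(ver))
    limit += (0,) * (width - len(limit))
    return "affected" if ver <= limit else "not-listed-as-affected"

def triage(inventory):
    return [(host, name, ver, classify(name, ver)) for host, name, ver in inventory]

# Constructed sample inventory: (host, display name, version string).
SAMPLE = [
    ("ws-01", "Sync Breeze Enterprise", "9.9.16"),
    ("ws-02", "DiskSavvy", "9.10.2"),
    ("srv-03", "Dup Scout", "v9.9.14"),
    ("srv-04", "DiskPulse", "unknown"),
    ("srv-05", "7-Zip", "19.00"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row, sep="\t")
```

Hosts reported as `affected` or `review-manually` are the ones to update first or to place behind the access restriction described in the workaround.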