Erika Mendoza

**Name of the Vulnerable Software and Affected Versions** iTechnology iGateway versions prior to 4.0.051230 **Description** The issue is a heap-based buffer overflow in the iGateway service, allowing remote attackers to execute arbitrary code via an HTTP request with a negative `Content-Length` field. This can be achieved by sending a crafted HTTP request. **Recommendations** For versions prior to 4.0.051230, update to version 4.0.051230 or later to resolve the issue. As a temporary workaround, consider restricting access to the iGateway service to minimize the risk of exploitation. Avoid using HTTP requests with negative `Content-Length` fields in the affected service until the issue is resolved.