PT-2009-5017 · Baofeng · Baofeng Storm

Jambalaya

Published

2009-07-27

Updated

2009-07-27

CVE-2009-2617

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions BaoFeng Storm version 3.9.62

Description The issue is a stack-based buffer overflow in the medialib.dll component, which can be exploited by remote attackers to execute arbitrary code. This can be achieved by providing a long pathname in the source attribute of an item element in a .smpl playlist file.

Recommendations For BaoFeng Storm version 3.9.62, update to a newer version that contains a fix for this issue, as using a long pathname in the source attribute of an item element in a .smpl playlist file can lead to arbitrary code execution. As a temporary workaround, consider restricting the length of pathnames used in .smpl playlist files to prevent potential exploitation.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2009-2617

Affected Products

Baofeng Storm

PT-2009-5017 · Baofeng · Baofeng Storm

CVE-2009-2617

Weakness Enumeration

Related Identifiers

Affected Products

References · 6