PT-2017-12065 · Geutebruck · Gcore
Published
2017-07-21
·
Updated
2017-07-26
·
CVE-2017-11517
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Geutebruck Gcore versions 1.3.8.42 and 1.4.2.37
Description
The issue is a stack-based buffer overflow in GCoreServer.exe, allowing remote attackers to execute arbitrary code via a long URI in a GET request to the
/ API endpoint.Recommendations
For version 1.3.8.42, update to a version that fixes this issue.
For version 1.4.2.37, update to a version that fixes this issue.
As a temporary workaround, consider restricting access to the GCoreServer.exe to minimize the risk of exploitation.
Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gcore