PT-2017-19006 · Efs · Efs Software Easy Chat Server
Published
2017-06-12
·
Updated
2021-03-26
·
CVE-2017-9544
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
EFS Software Easy Chat Server versions 2.0 to 3.1
Description
The issue is a remote stack-based buffer overflow in the register.ghp component. It can be triggered by sending an overly long
username string to the "registresult.htm" endpoint for user registration, potentially allowing an attacker to execute arbitrary code.Recommendations
For EFS Software Easy Chat Server versions 2.0 to 3.1, consider restricting access to the "registresult.htm" endpoint until a fix is available, and limit the length of the
username string to prevent buffer overflow exploitation.Exploit
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Efs Software Easy Chat Server