CVE-2018-8065

Name of the Vulnerable Software and Affected Versions: SyncBreeze Enterprise version 10.6.24

Description: An issue was discovered in the web server of SyncBreeze Enterprise, where a user mode write access violation can occur on the syncbrs.exe memory region. This can be triggered by rapidly sending a variety of HTTP requests with long HTTP header values or long URIs.

Recommendations: For SyncBreeze Enterprise version 10.6.24, consider restricting access to the web server or limiting the length of HTTP header values and URIs to minimize the risk of exploitation. As a temporary workaround, restrict the use of the syncbrs.exe memory region until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.