PT-2021-12701 · Afreecatv · Afreecatv

Published

2021-11-26

Updated

2022-07-08

CVE-2020-7881

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: AfreecaTV (affected versions not specified)

Description: A stack-based buffer overflow leading to remote code execution was discovered in the strcpy() function operated by the FanTicket field. This issue arises due to stored data without validation of length. The vulnerability is enabled when the streamer service related to AfreecaTV communicates through a web socket using the 21201 port.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Integer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190CWE-787

Related Identifiers

CVE-2020-7881

Affected Products

Afreecatv

PT-2021-12701 · Afreecatv · Afreecatv

CVE-2020-7881

Weakness Enumeration

Related Identifiers

Affected Products

References · 4