PT-2021-23312 · Pyo+1 · Pyo+1
Awen-Lio
·
Published
2021-12-17
·
Updated
2021-12-27
·
CVE-2021-41498
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Pyo versions prior to 1.03
Description
The issue allows attackers to conduct Denial of Service attacks by arbitrarily constructing an overlong
client name or server name in the Server jack init function. This enables attackers to cause a buffer overflow, leading to a denial of service.Recommendations
For versions prior to 1.03, consider disabling the
Server jack init function until a patch is available to prevent exploitation. Restrict access to the function to minimize the risk of denial of service attacks. Avoid using overlong client name or server names in the affected function to mitigate the risk.Exploit
Fix
DoS
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Pyo