PT-2023-23259 · V-Server+1 · V-Server+1
Michael Heinzl
·
Published
2023-06-19
·
Updated
2024-12-23
·
CVE-2023-31239
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
V-Server versions 4.0.15.0 and earlier
V-Server Lite versions 4.0.15.0 and earlier
Description
A stack-based buffer overflow issue allows an attacker to execute arbitrary code by having a user open a specially crafted VPR file. This can be exploited when a user opens a malicious VPR file, potentially leading to code execution.
Recommendations
For V-Server versions 4.0.15.0 and earlier, avoid opening untrusted VPR files until a patch is available.
For V-Server Lite versions 4.0.15.0 and earlier, avoid opening untrusted VPR files until a patch is available.
As a temporary workaround, consider restricting the use of VPR files in V-Server and V-Server Lite until a patch is available.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
V-Server
V-Server Lite