PT-2023-29316 · Unknown · Easy Address Book Web Server

Rafael Pedrero · Published 2023-10-04 · Updated 2023-10-06 · CVE-2023-4491

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Easy Address Book Web Server version 1.6

Description: The vulnerability is a buffer overflow. An attacker who sends a very long username string to the "/searchbook.ghp" API endpoint in a POST request can trigger it, resulting in arbitrary code execution on the remote machine.

Recommendations: For Easy Address Book Web Server version 1.6, consider disabling the /searchbook.ghp API endpoint until a patch is available, to prevent exploitation. Restrict access to this endpoint to minimize the risk of arbitrary code execution. Avoid using long username strings with the affected API endpoint until the issue is resolved. At the moment there is no information about a newer version that contains a fix for this vulnerability.
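The recommendations above amount to a pre-filter in front of the vulnerable server: block or allow-list the affected endpoint, and reject username values that are far longer than a real name. The following is an added example of such a filter, written here for this page; it is not code from the advisory or from the Easy Address Book Web Server project. The form field name "username", the 64-byte limit, the client IP values and the sample requests are all assumptions constructed for the example.

```python
"""Defensive pre-filter modelling the advisory's mitigations for
Easy Address Book Web Server 1.6 (constructed example, not vendor code).

It applies, in order: an optional kill switch for /searchbook.ghp, an
optional client allow-list for that endpoint, and a length cap on the
username field of POST bodies. A reverse proxy or WAF rule would apply
the same logic before a request reaches the vulnerable server.
"""
from dataclasses import dataclass
from urllib.parse import parse_qs

VULNERABLE_ENDPOINT = "/searchbook.ghp"   # endpoint named in the advisory
MAX_USERNAME_LEN = 64                     # assumed sane upper bound for a name
USERNAME_FIELD = "username"               # assumed form field name


@dataclass
class Request:
    method: str
    path: str
    client_ip: str
    body: str = ""   # raw application/x-www-form-urlencoded body


@dataclass
class Verdict:
    action: str   # "allow" or "block"
    reason: str


def evaluate(req: Request, *, endpoint_disabled: bool = False,
             allowed_ips: frozenset = frozenset()) -> Verdict:
    """Apply the advisory's mitigations to a single request."""
    if req.path.lower() != VULNERABLE_ENDPOINT:
        return Verdict("allow", "not the affected endpoint")
    if endpoint_disabled:
        return Verdict("block", "endpoint disabled pending a vendor patch")
    if allowed_ips and req.client_ip not in allowed_ips:
        return Verdict("block", "client not in the endpoint allow-list")
    if req.method.upper() == "POST":
        fields = parse_qs(req.body, keep_blank_values=True)
        for value in fields.get(USERNAME_FIELD, []):
            if len(value) > MAX_USERNAME_LEN:
                return Verdict(
                    "block",
                    f"{USERNAME_FIELD} length {len(value)} exceeds {MAX_USERNAME_LEN}",
                )
    return Verdict("allow", "within limits")


def triage(requests, **policy):
    """Return (client_ip, path, verdict) for every request that is not allowed."""
    return [(r.client_ip, r.path, v) for r in requests
            if (v := evaluate(r, **policy)).action != "allow"]


# Constructed sample traffic; not captured from any real system.
SAMPLE_REQUESTS = [
    Request("GET", "/index.ghp", "10.0.0.5"),
    Request("POST", "/searchbook.ghp", "10.0.0.5", "username=alice&submit=Search"),
    Request("POST", "/searchbook.ghp", "203.0.113.9",
            "username=" + "A" * 2000 + "&submit=Search"),   # overlong value
    Request("POST", "/searchbook.ghp", "203.0.113.9", "username="),
]

if __name__ == "__main__":
    for ip, path, verdict in triage(SAMPLE_REQUESTS):
        print(f"{ip} {path}: {verdict.action} ({verdict.reason})")
    # With the kill switch on, every request to the endpoint is blocked.
    for ip, path, verdict in triage(SAMPLE_REQUESTS, endpoint_disabled=True):
        print(f"{ip} {path}: {verdict.action} ({verdict.reason})")
```

The length cap is deliberately checked last: when the endpoint is disabled or the client is not on the allow-list, the body is never parsed, so a malformed or oversized body cannot reach either the parser or the server. Until the vendor ships a fix, the `endpoint_disabled=True` policy is the one that matches the advisory's first recommendation.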

Weakness Enumeration: Buffer Overflow

Related Identifiers: CVE-2023-4491

Affected Products: Easy Address Book Web Server