PT-2023-29319 · Unknown · Easy Chat Server
Rafael Pedrero
·
Published
2023-10-04
·
Updated
2023-10-06
·
CVE-2023-4494
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Easy Chat Server version 3.1
Description
A stack-based buffer overflow issue exists due to an excessively long
username string being sent to the "register.ghp" file via a GET request, potentially leading to arbitrary code execution on the remote machine.Recommendations
For Easy Chat Server version 3.1, consider restricting access to the "register.ghp" file to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the length of the
username string to prevent buffer overflow.Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Easy Chat Server