CVE-2023-35965

Name of the Vulnerable Software and Affected Versions Yifan YF325 version 1.0 20221108

Description The issue is related to two heap-based buffer overflow vulnerabilities in the httpd manage post functionality. A specially crafted network request can lead to a heap buffer overflow, allowing an attacker to send a request and trigger these vulnerabilities. The integer overflow result is used as an argument for the malloc function. This can potentially enable a remote attacker to execute arbitrary code.

Recommendations For Yifan YF325 version 1.0 20221108, consider disabling the manage post functionality in the httpd service until a patch is available to prevent exploitation of the heap buffer overflow vulnerabilities. Restrict access to the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.