PT-2023-6250 · Yifan · Yifan Yf325

Francesco Benvenuto · Published 2023-06-28 · Updated 2023-10-13 · CVE-2023-35966

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Yifan YF325 version 1.0 20221108

Description

The issue is related to two heap-based buffer overflow vulnerabilities in the httpd manage post functionality. A specially crafted network request can lead to a heap buffer overflow; an attacker can send a network request to trigger these vulnerabilities. The result of an integer overflow is used as an argument for the realloc function. A remote attacker can exploit this vulnerability to execute arbitrary code.

Recommendations

For Yifan YF325 version 1.0 20221108, consider disabling the manage post functionality in the httpd service until a patch is available, to prevent exploitation of the heap buffer overflow vulnerabilities. Restrict access to the httpd service to minimize the risk of exploitation. Avoid passing unvalidated input to the realloc function, to prevent integer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
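
The recommendation to validate input before calling realloc, shown as an added example that is not code from the YF325 firmware or from this advisory: a size computed in 32-bit arithmetic wraps to a small value, while a bounded append rejects the request before any allocation. `body_buf`, `BODY_MAX`, `unchecked_new_size` and `body_append` are hypothetical names chosen for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical policy limit on the total request body size. */
#define BODY_MAX (64u * 1024u)

/* Hypothetical receive buffer; not a structure from the firmware. */
struct body_buf {
    char  *data;
    size_t len;   /* bytes currently stored, excluding the terminator */
};

/* Weak pattern: the sum wraps modulo 2^32, so the size handed to
 * realloc can be far smaller than the number of bytes copied
 * afterwards. */
static uint32_t unchecked_new_size(uint32_t len, uint32_t add)
{
    return len + add + 1;
}

/* Hardened append: bound both operands before adding them.
 * Returns 0 on success, -1 on rejection; the buffer is unchanged on failure. */
static int body_append(struct body_buf *b, const char *src, size_t add)
{
    if (b->len > BODY_MAX || add > BODY_MAX - b->len)
        return -1;                       /* would exceed limit or wrap */
    size_t new_size = b->len + add + 1;  /* at most BODY_MAX + 1 */
    char *p = realloc(b->data, new_size);
    if (p == NULL)
        return -1;                       /* b->data is still valid */
    memcpy(p + b->len, src, add);
    b->data = p;
    b->len += add;
    b->data[b->len] = '\0';
    return 0;
}

int main(void)
{
    struct body_buf b = {0};
    printf("wrapped size: %u\n", (unsigned)unchecked_new_size(0xFFFFFFF0u, 0x20u));
    printf("append abc: %d\n", body_append(&b, "abc", 3));
    printf("oversized length: %d\n", body_append(&b, "x", SIZE_MAX));
    free(b.data);
    return 0;
}
```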

Integer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2023-06959
CVE-2023-35966

Affected Products

Yifan Yf325