PT-2023-6865 · Unknown+1 · V-Server Lite+1
Michael Heinzl
·
Published
2023-11-10
·
Updated
2023-11-21
·
CVE-2023-47586
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
V-Server versions 4.0.18.0 and earlier
V-Server Lite versions 4.0.18.0 and earlier
Description
The issue is related to heap-based buffer overflow vulnerabilities. Exploitation of this issue may allow a remote attacker to execute arbitrary code using a specially crafted file. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed.
Recommendations
For V-Server versions 4.0.18.0 and earlier, avoid opening specially crafted VPR files until a patch is available.
For V-Server Lite versions 4.0.18.0 and earlier, avoid opening specially crafted VPR files until a patch is available.
As a temporary workaround, consider restricting access to VPR files to minimize the risk of exploitation.
Fix
Heap Based Buffer Overflow
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
V-Server
V-Server Lite