PT-2024-20220 · Eserver · Ezserver
Published: 2024-01-24 · Updated: 2024-02-01 · CVE-2024-23985
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
EzServer version 6.4.017
Description
The issue allows a denial of service (daemon crash) via a long string, such as one for the RNTO command.
Recommendations
For EzServer version 6.4.017, consider restricting the length of input strings to prevent daemon crashes until a patch is available. As a temporary workaround, consider implementing input validation to limit the length of strings passed to the daemon.
Affected Products
Ezserver