PT-2024-20693 · Kitty · Kitty

Austin A. Defrancesco

Published

2024-02-09

Updated

2024-02-14

CVE-2024-25003

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions KiTTY versions 0.76.1.13 and before

Description The issue is a stack-based buffer overflow that occurs via the hostname due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite adjacent memory, leading to arbitrary code execution.

Recommendations For KiTTY versions 0.76.1.13 and before, consider disabling the use of hostnames until a patch is available to prevent exploitation of the stack-based buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2024-25003

Affected Products

Kitty

PT-2024-20693 · Kitty · Kitty

CVE-2024-25003

Weakness Enumeration

Related Identifiers

Affected Products

References · 17