PT-2026-2419 · Inbit · Inbit Messenger
A-Rey
·
Published
2026-01-13
·
Updated
2026-01-30
·
CVE-2023-54329
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Inbit Messenger versions 4.6.0 through 4.9.0
Description
Inbit Messenger versions 4.6.0 through 4.9.0 have a remote command execution issue. Unauthenticated attackers can execute arbitrary commands by exploiting a stack overflow in the messenger's protocol. Attackers can send specially crafted XML packets to port
10883 with a malicious payload to trigger the issue and execute commands with system privileges.Recommendations
Update Inbit Messenger to a version later than 4.9.0.
Exploit
Fix
Stack Overflow
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Inbit Messenger