THREATINT
PUBLISHED

CVE-2023-4494

Easy Chat Server Stack-based buffer overflow vulnerability



Assigner: INCIBE
Reserved: 2023-08-23
Published: 2023-10-04
Updated: 2024-09-05

Description

Stack-based buffer overflow vulnerability in Easy Chat Server version 3.1. An attacker could send an excessively long username string in a GET request to the register.ghp file, which asks for the name, resulting in arbitrary code execution on the remote machine.



CRITICAL: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Problem types

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Product status

Default status

Any version: affected

Credits

Rafael Pedrero

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products

cve.org CVE-2023-4494

nvd.nist.gov CVE-2023-4494
