Stack-based Buffer Overflow Vulnerability in Easy Chat Server 3.1: Remote Code Execution via Long Username String

Stack-based Buffer Overflow Vulnerability in Easy Chat Server 3.1: Remote Code Execution via Long Username String

CVE-2023-4494 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Stack-based buffer overflow vulnerability in Easy Chat Server 3.1 version. An attacker could send an excessively long username string to the register.ghp file asking for the name via a GET request resulting in arbitrary code execution on the remote machine.

Learn more about our Cis Benchmark Audit For Server Software.