CVE-2024-25003
CVE-2024-25003
KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the hostname, occurs due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Productos afectados
n/a · n/aPoCs públicas encontradas — 3
cve_referencepacketstormsecurity.com/files/177031/KiTTY-0.76.1.13-Command-Injection.htmlno verificadocve_referencepacketstormsecurity.com/files/177032/KiTTY-0.76.1.13-Buffer-Overflows.htmlno verificadoexploitdbwww.exploit-db.com/exploits/51890no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://packetstormsecurity.com/files/177031/KiTTY-0.76.1.13-Command-Injection.htmlhttp://packetstormsecurity.com/files/177032/KiTTY-0.76.1.13-Buffer-Overflows.htmlhttps://blog.defcesco.io/CVE-2024-25003-CVE-2024-25004http://seclists.org/fulldisclosure/2024/Feb/13http://seclists.org/fulldisclosure/2024/Feb/14