CVE-2024-25003
CVE-2024-25003
KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the hostname, occurs due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
n/a · n/aPoCs públicas encontradas — 3
cve_referencepacketstormsecurity.com/files/177031/KiTTY-0.76.1.13-Command-Injection.htmlnão verificadocve_referencepacketstormsecurity.com/files/177032/KiTTY-0.76.1.13-Buffer-Overflows.htmlnão verificadoexploitdbwww.exploit-db.com/exploits/51890não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://packetstormsecurity.com/files/177031/KiTTY-0.76.1.13-Command-Injection.htmlhttp://packetstormsecurity.com/files/177032/KiTTY-0.76.1.13-Buffer-Overflows.htmlhttps://blog.defcesco.io/CVE-2024-25003-CVE-2024-25004http://seclists.org/fulldisclosure/2024/Feb/13http://seclists.org/fulldisclosure/2024/Feb/14