CVE-2013-5680

CVSSv4: NA | CVSSv3: NA | CVSSv2: 6.8 | VMScore: 780 | EPSS: 0.37531 | KEV: Not Included
Published: 06/04/2014 Updated: 21/11/2024

Vulnerability Summary

Heap-based buffer overflow in hfaxd in HylaFAX+ 5.2.4 up to and including 5.5.3, when using LDAP authentication, might allow remote malicious users to cause a denial of service (child hang) or execute arbitrary code via a long USER command.

Vulnerable Product

lee howard hylafax+ 5.2.4

lee howard hylafax+ 5.2.5

lee howard hylafax+ 5.2.6

lee howard hylafax+ 5.2.7

lee howard hylafax+ 5.2.8

lee howard hylafax+ 5.2.9

lee howard hylafax+ 5.3.0

lee howard hylafax+ 5.4.1

lee howard hylafax+ 5.4.2

lee howard hylafax+ 5.5.0

lee howard hylafax+ 5.5.1

lee howard hylafax+ 5.5.2

lee howard hylafax+ 5.5.3

Exploits

Details
===========================================================
Application: "HylaFAX+"
Version: 5.2.4 (April, 2008) through 5.5.3 (August 6, 2013)
Type: Daemon that manages a fax server via an FTP-like protocol
Vendor / Maintainer: Lee Howard (faxguy _at_ howardsilvan.com)
Project Homepage: hylafax.sourceforge.net/
Vulnerability: CWE-1 ...
HylaFAX+ versions 5.2.4 through 5.5.3 suffer from a buffer overflow vulnerability. The code path for authenticating users via LDAP allocates a 255-byte buffer (via the C++ "new" operator), and then "strcats" user-supplied data buffered from the inbound FTP control channel. Other code limits the amount of copied data to 506 bytes, and truncates on N ...