Описание
Multiple buffer overflows in ALPass 2.7 English and 3.02 Korean allow user-assisted remote attackers to execute arbitrary code via an ALPass DB (APW) file containing (1) a long file-key or (2) a "Site Information and Folder entry" with a ciphertext_length value much larger than the plaintext_length value.
Ссылки
- Third Party Advisory
- ExploitThird Party Advisory
- PatchThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- ExploitThird Party Advisory
- PatchThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:altools:alpass:2.7:*:*:en:*:*:*:*
cpe:2.3:a:altools:alpass:3.02:*:*:ko:*:*:*:*
EPSS
Процентиль: 93%
0.09598
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-119
Связанные уязвимости
github
почти 4 года назад
Multiple buffer overflows in ALPass 2.7 English and 3.02 Korean allow user-assisted remote attackers to execute arbitrary code via an ALPass DB (APW) file containing (1) a long file-key or (2) a "Site Information and Folder entry" with a ciphertext_length value much larger than the plaintext_length value.
EPSS
Процентиль: 93%
0.09598
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-119