ByteOS Network

NVD Vulnerability Details :

CVE-2023-4491

Analyzed

Source-cve-coordination@incibe.es

Published At-04 Oct, 2023 | 13:15

Updated At-06 Oct, 2023 | 16:23

Buffer overflow vulnerability in Easy Address Book Web Server 1.6 version. The exploitation of this vulnerability could allow an attacker to send a very long username string to /searchbook.ghp, asking for the name via a POST request, resulting in arbitrary code execution on the remote machine.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CPE Matches

easy_address_book_web_server_project>>easy_address_book_web_server>>1.6

cpe:2.3:a:easy_address_book_web_server_project:easy_address_book_web_server:1.6:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-119	Primary	nvd@nist.gov
CWE-119	Secondary	cve-coordination@incibe.es

CWE ID: CWE-119

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-119

Type: Secondary

Source: cve-coordination@incibe.es

References

Hyperlink	Source	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products	cve-coordination@incibe.es	Third Party Advisory

Hyperlink: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products

Source: cve-coordination@incibe.es

Resource:

Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History