Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
AFFLIB多个缓冲区溢出漏洞
Vulnerability Description
AFFLIB是用于操作高级取证格式(AFF)文件的开源函数库。 AFFLIB中存在多个缓冲区溢出漏洞,可能允许攻击者导致取证查看器拒绝服务或执行任意指令。 具体漏洞如下: * LastModified远程栈溢出 * 文件:lib/s3.cpp 行数:113 LastModified字符串通过strcpy(3)拷贝到了固定长度的缓冲区,但最初从XML响应读取字符串时没有执行长度检查,允许恶意的Amazon S3服务器或中间人在S3客户端系统上执行任意指令。111-115行说明了这个问题: /* Make d
CVSS Information
N/A
Vulnerability Type
N/A