Vulnerability Information
Vulnerability Title
EChat Server 3.1 Buffer Overflow via chat.ghp username Parameter
Vulnerability Description
EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing shellcode and ROP gadgets to achieve code execution in the application context.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
Out-of-bounds Write
Vulnerability Title
EChat Server Buffer Error Vulnerability
Vulnerability Description
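EChat Server is a server-side chat system from the EChat Server company that supports instant messaging and message forwarding. EChat Server version 3.1 has a buffer error vulnerability. It stems from a buffer overflow in the chat.ghp endpoint and may allow remote attackers to execute arbitrary code by supplying an oversized username parameter.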
CVSS Information
N/A
Vulnerability Type
N/A