CVE-2018-25221

EChat Server 3.1 Buffer Overflow via chat.ghp username Parameter

CVSS 9.3 CRITICALEPSS 0.8%CWE-787

EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing shellcode and ROP gadgets to achieve code execution in the application context.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

Echatserver · EChat Server

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/44155unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.exploit-db.com/exploits/44155 https://www.vulncheck.com/advisories/echat-server-buffer-overflow-via-chat-ghp-username-parameter