Two heap-based buffer overflow vulnerabilities exist in...
Critical severity
Unreviewed
Published
Oct 11, 2023
to the GitHub Advisory Database
•
Updated Apr 4, 2024
Description
Published by the National Vulnerability Database
Oct 11, 2023
Published to the GitHub Advisory Database
Oct 11, 2023
Last updated
Apr 4, 2024
Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the realloc function.
References