CVE-2023-35966

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Oct 11, 2023
Updated: Oct 12, 2023
CWE ID 787
CWE ID 190

Summary

CVE-2023-35966 is a newly disclosed vulnerability in the httpd manage_post functionality of the Yifan YF325 v1.0_20221108. The issue comprises two heap-based buffer overflow vulnerabilities that can be triggered by a specially crafted network request. An attacker can exploit them by sending an oversized request, which leads to a heap buffer overflow. The result of an integer overflow is subsequently used as an argument to the realloc function, potentially allowing an attacker to execute arbitrary code or cause a denial-of-service condition.
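The bug class described above (CWE-190 feeding CWE-787) and its mitigation, as an added example that is not the YF325 httpd's code: the struct, function names, the 1 MiB limit and the 32-bit length arithmetic are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical request-body accumulator; not the vendor's code. */
struct body {
    uint8_t *data;
    uint32_t used;   /* bytes already stored */
};

#define BODY_MAX (1u << 20)  /* constructed policy limit: 1 MiB */

/* The unchecked pattern: the sum wraps modulo 2^32, so an oversized
 * request length produces a small allocation size for realloc. */
uint32_t unchecked_total(uint32_t used, uint32_t incoming)
{
    return used + incoming;
}

/* Hardened append: validate the lengths before adding them, then realloc.
 * Returns 0 on success, -1 if the request is rejected or memory runs out. */
int body_append(struct body *b, const uint8_t *chunk, uint32_t incoming)
{
    if (incoming == 0)
        return 0;                        /* nothing to copy */
    if (b->used > BODY_MAX || incoming > BODY_MAX - b->used)
        return -1;                       /* would wrap or exceed the limit */

    uint32_t total = b->used + incoming; /* cannot wrap after the check */
    uint8_t *p = realloc(b->data, total);
    if (p == NULL)
        return -1;                       /* old buffer is still valid */

    memcpy(p + b->used, chunk, incoming);
    b->data = p;
    b->used = total;
    return 0;
}
```

The subtraction form of the check (`incoming > BODY_MAX - b->used`) is what keeps the comparison itself from overflowing.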
