CVE-2024-25004: Buffer Overflow
First published: Fri Feb 09 2024(Updated: )
KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insufficient bounds checking and input sanitization (at line 2600). This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.
Credit: cve@mitre.org DEFCESCO
| Affected Software | Affected Version | How to fix |
|---|---|---|
| 9bis Kitty | <=0.76.1.13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/177031/KiTTY-0.76.1.13-Command-Injection.html
- http://packetstormsecurity.com/files/177032/KiTTY-0.76.1.13-Buffer-Overflows.html
- http://seclists.org/fulldisclosure/2024/Feb/13
- http://seclists.org/fulldisclosure/2024/Feb/14
- https://blog.defcesco.io/CVE-2024-25003-CVE-2024-25004
- https://www.exploit-db.com/exploits/51891
- agent/type
- agent/first-publish-date
- agent/author
- agent/event
- agent/description
- agent/weakness
- agent/severity
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/references
- agent/tags
- collector/mitre-cve
- source/MITRE
- collector/epss-latest
- source/FIRST
- agent/epss
- exploited/true
- collector/exploitdb-recent
- source/ExploitDB
- alias/CVE-2024-25004
- vendor/9bis
- canonical/9bis kitty
- version/9bis kitty/0.76.1.13