Remote Denial of Service Vulnerability in SyncBreeze Enterprise by SyncBreeze
CVE-2017-17088

7.5HIGH

Key Information:

Vendor: Flexense
Status: Syncbreeze
Vendor: CVE Published:; 19 December 2017

What is CVE-2017-17088?

The Enterprise version of SyncBreeze, up to and including 10.2.12, suffers from a Remote Denial of Service vulnerability. This arises from inadequate bounds checking when processing server requests in the Host header during connection attempts. Exploiting this flaw can lead to a buffer overflow, causing the affected service to become unavailable.

References

https://www.exploit-db.com/exploits/43344/

exploitx_refsource_EXPLOIT-DB

http://seclists.org/fulldisclosure/2017/Dec/45

mailing-listx_refsource_FULLDISC

http://packetstormsecurity.com/files/145435/Sync-Breeze-1...

x_refsource_MISC

EPSS Score

30% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 19, 2017
Vulnerability Reserved
Dec 1, 2017

Flexense

What is CVE-2017-17088?

References

EPSS Score

CVSS V3.1

Timeline