KiTTY vulnerable to stack-based buffer overflow via username
CVE-2024-25004

7.8HIGH

Key Information:

Vendor: KiTTY
Status: Kitty
Vendor: CVE Published:; 9 February 2024

What is CVE-2024-25004?

KiTTY versions up to and including 0.76.1.13 exhibit a vulnerability where a stack-based buffer overflow can be triggered via unsafe input in the username field. This occurs due to a lack of adequate bounds checking and input sanitization at line 2600 of the code. When exploited, this vulnerability enables an attacker to overwrite adjacent memory, potentially allowing for arbitrary code execution. Users should upgrade to patched versions to mitigate the risk associated with this vulnerability.

References

http://packetstormsecurity.com/files/177032/KiTTY-0.76.1....

http://packetstormsecurity.com/files/177031/KiTTY-0.76.1....

https://blog.defcesco.io/CVE-2024-25003-CVE-2024-25004

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 9, 2024
Vulnerability Reserved
Feb 2, 2024