Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-25004

KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insufficient bounds checking and input sanitization (at line 2600). This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.

Published

2024-02-09T07:16:00.930

Last Modified

2025-05-15T20:15:48.197

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Primary
CWE-787
Type: Secondary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	9bis	kitty	≤ 0.76.1.13	Yes

References

http://packetstormsecurity.com/files/177031/KiTTY-0.76.1.13-Command-Injection.html ([email protected])
http://packetstormsecurity.com/files/177032/KiTTY-0.76.1.13-Buffer-Overflows.html Third Party Advisory, VDB Entry ([email protected])
http://seclists.org/fulldisclosure/2024/Feb/13 Exploit, Mailing List ([email protected])
http://seclists.org/fulldisclosure/2024/Feb/14 Exploit, Mailing List ([email protected])
https://blog.defcesco.io/CVE-2024-25003-CVE-2024-25004 Exploit, Third Party Advisory ([email protected])
http://packetstormsecurity.com/files/177031/KiTTY-0.76.1.13-Command-Injection.html (af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/177032/KiTTY-0.76.1.13-Buffer-Overflows.html Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2024/Feb/13 Exploit, Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2024/Feb/14 Exploit, Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://blog.defcesco.io/CVE-2024-25003-CVE-2024-25004 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)