
SOUND4 LinkAndShare Transmitter 1.1.2 Format String Stack Buffer Overflow

severity
critical
date
Affecting
  • SOUND4 LinkAndShare Transmitter 1.1.2

CWE
  • CWE-134 Use of Externally-Controlled Format String
CVSS
9.3
CVSS V4 Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Credit
LiquidWorm as Gjoko Krstic of Zero Science Lab
Description
SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows attackers to trigger stack buffer overflows through maliciously crafted environment variables. By placing format string payloads in the username environment variable, attackers can potentially execute arbitrary code and crash the application.
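
The bug class described above (CWE-134), shown as an added generic C illustration that is not SOUND4 code: the vulnerable pattern sits behind `SHOW_VULNERABLE` next to the hardened form and a check that flags conversion directives in the untrusted value. The function names and the `USERNAME` variable name are assumptions made for the example.

```c
/* Added CWE-134 illustration; not SOUND4 code. All names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef SHOW_VULNERABLE
/* Vulnerable pattern: the environment value is used AS the format string,
 * so "%x", "%s" or "%n" inside it are interpreted by snprintf. */
static int build_banner_vulnerable(char *out, size_t outsz, const char *user)
{
    return snprintf(out, outsz, user);
}
#endif

/* Hardened form: constant format, untrusted value passed only as data.
 * Returns 0 on success, -1 on bad arguments or truncation. */
int build_banner(char *out, size_t outsz, const char *user)
{
    if (out == NULL || outsz == 0 || user == NULL)
        return -1;
    int n = snprintf(out, outsz, "user=%s", user);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* Defence in depth: count conversion directives in an untrusted value so it
 * can be rejected or logged. "%%" is a literal percent, not a directive. */
size_t count_format_directives(const char *s)
{
    size_t hits = 0;
    for (; s != NULL && *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }   /* escaped percent */
        if (s[1] != '\0')
            hits++;
    }
    return hits;
}

int main(void)
{
    const char *user = getenv("USERNAME");    /* assumed variable name */
    char banner[64];
    if (user == NULL || count_format_directives(user) > 0 ||
        build_banner(banner, sizeof banner, user) != 0)
        return 1;                             /* reject, do not format */
    puts(banner);
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` makes GCC and Clang warn on a non-literal format string with no arguments, which is the call inside the `SHOW_VULNERABLE` block.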