Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Hydra - Stack Buffer Overflow in NTLM Authentication Handler
Vulnerability Description
Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an excessively long domain string, causing base64-encoded response data to overflow a 500-byte stack buffer by 18 to 330 bytes, enabling remote code execution on systems without stack protection.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
栈缓冲区溢出
Vulnerability Title
vanhauser-thc thc-hydra 缓冲区错误漏洞
Vulnerability Description
vanhauser-thc thc-hydra是vanhauser-thc个人开发者开源的一款网络认证破解工具。 vanhauser-thc thc-hydra 9.7及之前版本存在缓冲区错误漏洞,该漏洞源于处理恶意NTLM Type-2挑战时SMTP、POP3、IMAP、NNTP、HTTP、HTTP-Proxy和HTTP-Proxy-Urlenum模块中的NTLM身份验证存在栈缓冲区溢出,恶意服务器可通过发送包含超长域字符串的特制NTLM Type-2挑战,使base64编码响应数据溢出500字节的栈缓
CVSS Information
N/A
Vulnerability Type
N/A