漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Vinchin Backup & Recovery 9.0.0.86562 Stack Buffer Overflow via ModuleHandShake
Vulnerability Description
Vinchin Backup & Recovery through 9.0.0.86562 contains a stack buffer overflow vulnerability in the ModuleHandShake function of the agentlink_server service that allows unauthenticated remote attackers to overwrite the saved return address by supplying an oversized _listen_uuid field that is measured via strlen() and copied without bounds checking into a fixed-length stack buffer using strcpy(). Attackers can send a crafted request with a malicious _listen_uuid value to corrupt the stack and achieve process crash or potential control flow hijack without requiring authentication.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Vulnerability Type
栈缓冲区溢出
Vulnerability Title
Vinchin Backup & Recovery 缓冲区错误漏洞
Vulnerability Description
Vinchin Backup & Recovery是中国Vinchin公司的一款数据备份与恢复软件。 Vinchin Backup & Recovery 9.0.0.86562及之前版本存在缓冲区错误漏洞,该漏洞源于agentlink_server服务的ModuleHandShake函数中存在栈缓冲区溢出,导致未经身份验证的远程攻击者可通过提供超大的_listen_uuid字段覆盖保存的返回地址,发送特制请求造成进程崩溃或潜在的控制流劫持。
CVSS Information
N/A
Vulnerability Type
N/A