Vulnerabilities > CVE-2020-7881 - Out-of-bounds Write vulnerability in Afreecatv 1.0.0.1

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
afreecatv
CWE-787

Summary

The vulnerability function is enabled when the streamer service related to the AfreecaTV communicated through web socket using 21201 port. A stack-based buffer overflow leading to remote code execution was discovered in strcpy() operate by "FanTicket" field. It is because of stored data without validation of length.

Vulnerable Configurations

Part Description Count
Application
Afreecatv
1
OS
Microsoft
1

Common Weakness Enumeration (CWE)