Vulnerabilities > CVE-2023-25267 - Out-of-bounds Write vulnerability in GFI Kerio Connect 9.4.1

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

gfi

CWE-787

NVD

Published: 2023-03-15

Updated: 2023-03-24

Summary

An issue was discovered in GFI Kerio Connect 9.4.1 patch 1 (fixed in 10.0.0). There is a stack-based Buffer Overflow in the webmail component's 2FASetup function via an authenticated request with a long primaryEMailAddress field to the webmail/api/jsonrpc URI.

Vulnerable Configurations

Part	Description	Count
Application	Gfi GFI Kerio Connect 9.4.1	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://support.kerioconnect.gfi.com/hc/en-us/articles/9044634878226-Kerio-Connect-10-0-0-Release-Notes
https://gist.github.com/Frycos/62fa664bacd19a85235be19c6e4d7599