CVE-2025-2263 - Out-of-bounds Write vulnerability in Santesoft Sante Pacs Server 4.1.0
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
During login to the web server in "Sante PACS Server.exe", the OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow occurs if an unauthenticated remote attacker supplies a long encrypted username or password.
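The missing check is a length test on the encrypted field before it is decrypted into the fixed buffer. The following is an added example, not Santesoft's code: the function and enum names are hypothetical, and the cipher block size of 16 is an assumption because the summary does not name the cipher.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Size of the fixed stack output buffer named in the summary. */
#define LOGIN_FIELD_BUF 0x80

/* Hypothetical result codes for this example. */
enum field_check { FIELD_OK = 0, FIELD_EMPTY, FIELD_TOO_LONG };

/*
 * Decide whether `inl` bytes of ciphertext may be handed to
 * EVP_DecryptUpdate with an output buffer of `out_cap` bytes.
 * OpenSSL documents that the output buffer needs room for
 * inl + cipher_block_size bytes, or inl bytes when the block size is 1.
 */
static enum field_check check_encrypted_field(size_t inl, size_t block_size,
                                              size_t out_cap)
{
    size_t slack = (block_size > 1) ? block_size : 0;

    if (inl == 0)
        return FIELD_EMPTY;
    if (inl > (size_t)INT_MAX)          /* the EVP API takes inl as an int */
        return FIELD_TOO_LONG;
    if (slack > out_cap || inl > out_cap - slack)
        return FIELD_TOO_LONG;          /* subtraction form avoids size_t wrap */
    return FIELD_OK;
}

int main(void)
{
    /* Constructed ciphertext lengths; block size 16 is an assumption. */
    const size_t lengths[] = { 0x20, 0x70, 0x71, 0x80, 0x400 };
    size_t i;

    for (i = 0; i < sizeof lengths / sizeof lengths[0]; i++) {
        enum field_check r = check_encrypted_field(lengths[i], 16, LOGIN_FIELD_BUF);
        printf("ciphertext %4zu bytes -> %s\n", lengths[i],
               r == FIELD_OK ? "decrypt" : "reject before decrypting");
    }
    return 0;
}
```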
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |