Buffer Overflow Vulnerability in XAMPP

Posted date 10/01/2024
4 - High
Affected Resources
  • XAMPP, 8.2.4 version and earlier.

INCIBE has coordinated the publication of 1 vulnerability affecting Apachefriends XAMPP, in its 8.2.4 version and earlier, which has been discovered by Rafael Pedrero.

This vulnerability has been assigned the following base score CVSS v3.1, CVSS vector and vulnerability type CWE:

  • CVE-2024-0338: CVSS v3.1: 7.3 | CVSS: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | CWE-119.

The Apachefriends team is working on a fix for the reported vulnerability. It is recommended to download the latest version available (https://www.apachefriends.org/download.html).

  • CVE-2024-0338: a buffer overflow vulnerability has been found in XAMPP affecting version 8.2.4 and earlier. An attacker could execute arbitrary code through a long file debug argument that controls the Structured Exception Handler (SEH).
References list