Buffer Overflow Vulnerability in XAMPP

Posted date 10/01/2024
Importance
4 - High
Affected Resources
  • XAMPP, version 8.2.4 and earlier.
Description

INCIBE has coordinated the publication of 1 vulnerability affecting Apachefriends XAMPP, version 8.2.4 and earlier, which was discovered by Rafael Pedrero.

This vulnerability has been assigned the following CVSS v3.1 base score, CVSS vector and CWE vulnerability type:

  • CVE-2024-0338: CVSS v3.1: 7.3 | CVSS vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | CWE-119.
Solution

The Apachefriends team is working on a fix for the reported vulnerability. It is recommended to download the latest version available (https://www.apachefriends.org/download.html).

Detail
  • CVE-2024-0338: A buffer overflow vulnerability has been found in XAMPP, affecting version 8.2.4 and earlier. An attacker could execute arbitrary code by passing a long file debug argument that controls the Structured Exception Handler (SEH).