Denial of service vulnerability in LAN Messenger

Posted date 07/05/2024

Importance

4 - High

Affected Resources

LAN Messenger, version 3.4.0.

Description

INCIBE has coordinated the publication of a high severity vulnerability affecting LAN Messenger, version 3.4.0, a cross-platform instant messaging application for communication over a local network, which has been discovered by Rafael Pedrero.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and vulnerability type CWE:

CVE-2024-4599: 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | CWE-400.

Solution

There is no reported solution at this time.

Detail

CVE-2024-4599: remote denial of service vulnerability in LAN Messenger affecting version 3.4.0. This vulnerability allows an attacker to crash the LAN Messenger service by sending a long string directly and continuously over the UDP protocol.

References list

LAN Messenger website

Etiquetas

0day
CNA
Denial of service
Instant messenger
Vulnerability