Required CVE Record Information
Description
Multiple buffer overflows in ALPass 2.7 English and 3.02 Korean allow user-assisted remote attackers to execute arbitrary code via an ALPass DB (APW) file containing (1) a long file-key or (2) a "Site Information and Folder entry" with a ciphertext_length value much larger than the plaintext_length value.
References 5 Total
- exchange.xforce.ibmcloud.com: alpass-alpass-db-file-bo(36235) vdb-entry
- exchange.xforce.ibmcloud.com: alpass-apw-bo(36257) vdb-entry
- http://vuln.sg/alpass27-en.html
- secunia.com: 26616 third-party-advisory
- securityfocus.com: 25435 vdb-entry
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 5 Total
- exchange.xforce.ibmcloud.com: alpass-alpass-db-file-bo(36235) vdb-entryx_transferred
- exchange.xforce.ibmcloud.com: alpass-apw-bo(36257) vdb-entryx_transferred
- http://vuln.sg/alpass27-en.html x_transferred
- secunia.com: 26616 third-party-advisoryx_transferred
- securityfocus.com: 25435 vdb-entryx_transferred