SpotPaltalk 1.1.5 contains a denial of service vulnerability in the registration code input field that allows local attackers to crash the …
SpotPaltalk 1.1.5 contains a denial of service vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can paste a buffer of 1000 characters into the Name/Key field during registration to trigger a crash when the OK button is clicked.
The product allows address regions to overlap, which can result in the bypassing of intended memory protection.
https://cwe.mitre.org/data/definitions/1260.html →Open in CWE collection →An adversary inserts malicious logic into memory enabling them to achieve a negative impact. This logic is often hidden from the user of the system and works behind the scenes to achieve negative impacts. This pattern of attack focuses on systems already fielded and used in operation as opposed to systems that are still under development and part of the supply chain.
https://capec.mitre.org/data/definitions/456.html →Open in CAPEC collection →https://capec.mitre.org/data/definitions/679.html →Open in CAPEC collection →