Description
Buffer overflow in the get function in get.c for Yanf 0.4 allows remote malicious web servers to execute arbitrary code via crafted HTTP responses.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Ariel Berkman · textremotemultiple
https://www.exploit-db.com/exploits/24980
References (2)
Core 2
Core References
Exploit, Vendor Advisory x_refsource_misc
http://tigger.uic.edu/~jlongs2/holes/yanf.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18615
Scores
EPSS
0.0380
EPSS Percentile
88.1%
Details
Status
published
Products (1)
yanf/yanf
0.4
Published
Jan 10, 2005
Tracked Since
Feb 18, 2026