CVE-2013-3843

Monkey < 1.2.0 - Memory Corruption

Title source: rule

Description

Stack-based buffer overflow in the mk_request_header_process function in mk_request.c in Monkey HTTP Daemon (monkeyd) before 1.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP header.

Exploits (1)

metasploit WORKING POC

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/monkey_headers.rb

View Code ZIP pw:eip

References (6)

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2013-06/0015.html

[Various Sources] http://bugs.monkey-project.com/ticket/182

[Vendor Advisory] http://monkey-project.com/Announcements/v1.2.1

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/84755

[Issue Tracking] https://github.com/monkey/monkey/issues/88

[Third Party Advisory] http://secunia.com/advisories/53697

Scores

EPSS 0.4015

EPSS Percentile 97.4%

Details

CWE

CWE-119

Status published

Products (1)

monkey-project/monkey < 1.2.0

Published Jun 13, 2014

Tracked Since Feb 18, 2026