Description
Heap-based buffer overflow in hfaxd in HylaFAX+ 5.2.4 through 5.5.3, when using LDAP authentication, might allow remote attackers to cause a denial of service (child hang) or execute arbitrary code via a long USER command.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Dennis Jenkins · textdoslinux
https://www.exploit-db.com/exploits/28683
References (5)
Core 5
Core References
Vendor Advisory x_refsource_confirm
http://hylafax.sourceforge.net/news/5.5.4.php
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/528943
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/28683
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/62729
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1029119
Scores
EPSS
0.3279
EPSS Percentile
96.9%
Details
CWE
CWE-119
Status
published
Products (13)
lee_howard/hylafax\+
5.2.4
lee_howard/hylafax\+
5.2.5
lee_howard/hylafax\+
5.2.6
lee_howard/hylafax\+
5.2.7
lee_howard/hylafax\+
5.2.8
lee_howard/hylafax\+
5.2.9
lee_howard/hylafax\+
5.3.0
lee_howard/hylafax\+
5.4.1
lee_howard/hylafax\+
5.4.2
lee_howard/hylafax\+
5.5.0
... and 3 more
Published
Apr 06, 2014
Tracked Since
Feb 18, 2026