CVE-2017-15950

HIGH

Flexense Syncbreeze - Memory Corruption

Title source: rule

Description

Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buffer overflow that can be exploited for arbitrary code execution. The flaw is triggered by providing a long input into the "Destination directory" field, either within an XML document or through use of passive mode.

Exploits (2)

exploitdb WORKING POC

by Filipe Oliveira · pythonwebappswindows

https://www.exploit-db.com/exploits/49725

View Code ZIP pw:eip

nomisec WORKING POC

by rnnsz · poc

https://github.com/rnnsz/CVE-2017-15950

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/162008/SyncBreeze-10.1.16-Buffer-Overflow.html

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2017/Oct/64

Scores

CVSS v3 7.8

EPSS 0.1041

EPSS Percentile 93.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (1)

flexense/syncbreeze 10.1.16

Published Oct 31, 2017

Tracked Since Feb 18, 2026