CVE-2024-25003

HIGH

KiTTY <0.76.1.13 - Buffer Overflow

Title source: llm

Description

KiTTY versions 0.76.1.13 and before are vulnerable to a stack-based buffer overflow via the hostname, which occurs due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.

Exploits (1)

exploitdb WORKING POC
by DEFCESCO · python · local · windows
https://www.exploit-db.com/exploits/51890

Scores

CVSS v3 7.8
EPSS 0.0075
EPSS Percentile 73.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (1)
9bis/kitty < 0.76.1.13
Published Feb 09, 2024
Tracked Since Feb 18, 2026