CVE-2024-25004

HIGH

KiTTY <0.76.1.13 - Buffer Overflow

Title source: llm

Description

KiTTY versions 0.76.1.13 and before are vulnerable to a stack-based buffer overflow via the username, which occurs due to insufficient bounds checking and input sanitization (at line 2600). This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.

Exploits (1)

exploitdb WORKING POC
by DEFCESCO · python · local · windows
https://www.exploit-db.com/exploits/51891

Scores

CVSS v3 7.8
EPSS 0.0061
EPSS Percentile 69.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (1)
9bis/kitty < 0.76.1.13
Published Feb 09, 2024
Tracked Since Feb 18, 2026