Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in ttttupup wxhelper (src modules). This vulnerability is associated with program files mongoose.C. This issue affects wxhelper: through 3.9.10.19-v1.
The vulnerability classified as CWE-122 (Heap-based Buffer Overflow) and CWE-787 (Out-of-bounds Write) involves the application writing data beyond the allocated heap area in the mongoose.C source file. An attacker can supply specially crafted input data that will overflow the heap buffer, overwriting adjacent memory areas. Due to the network vector (AV:N) and lack of authentication requirements (PR:N) or user interaction (UI:N), the exploit can be conducted remotely.
Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code (RCE) in the context of the process, and may also affect the confidentiality, integrity and availability of both the attacked system and related systems (high impact on SC/SI/SA according to CVSS 4.0).
Patches available from the vendor should be applied in accordance with the references — patch details available in pull request #515 in the wxhelper project GitHub repository (https://github.com/ttttupup/wxhelper/pull/515). Until the update is applied, it is recommended to restrict network access to services exposed by wxhelper.
The wxhelper application (authored by ttttupup) in all versions up to and including 3.9.10.19-v1, src modules, mongoose.C file.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:M/U:Red