CVE-2017-15950

Published: Oct 31, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buffer overflow that can be exploited for arbitrary code execution. The flaw is triggered by providing a long input into the "Destination directory" field, either within an XML document or through use of passive mode.

Affected (1)

Products: Flexense: Syncbreeze

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Flexense Syncbreeze	Version 10.1.16

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (4)

http://packetstormsecurity.com/files/162008/SyncBreeze-10.1.16-Buffer-Overflow.html

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2017/Oct/64

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://packetstormsecurity.com/files/162008/SyncBreeze-10.1.16-Buffer-Overflow.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2017/Oct/64

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.