Fenice Remote Buffer Overflow and Denial Of Service Vulnerabilities
Fenice is prone to multiple remote vulnerabilities:
- A buffer-overflow vulnerability. The application fails to perform sufficient bounds checking of user-supplied data before copying it to an insufficiently sized memory buffer. This issue potentially allows remote attackers to execute arbitrary machine code in the context of the affected server process. Failed exploit attempts will likely crash the application, denying service to legitimate users.
- A denial-of-service vulnerability due to an integer-overflow flaw. This issue allows remote attackers to crash the affected application, denying service to legitimate users.
Fenice 1.10 is vulnerable to these issues; other versions may also be affected.