What is CVE-2017-9544?

CVE-2017-9544 is a critical-severity vulnerability in Echatserver Easy_chat_server, classified under Out-of-bounds Write. CVSS score: 9.8/10. Published 2017-06-12.

How severe is CVE-2017-9544?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Is CVE-2017-9544 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Echatserver Easy_chat_server

CVE-2017-9544

There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to ex…

Vulnerability class: Buffer Overflow

EPSS: 0.796 (99.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Echatserver Easy_chat_server
N/a — versions n/a

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

Public proof-of-concept exploits

References

cve@mitre.org (Exploit, VDB Entry, Third Party Advisory, exploit, x_refsource_EXPLOIT-DB)

Frequently asked questions

What is CVE-2017-9544?: CVE-2017-9544 is a critical-severity vulnerability in Echatserver Easy_chat_server, classified under Out-of-bounds Write. CVSS score: 9.8/10. Published 2017-06-12.
How severe is CVE-2017-9544?: Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2017-9544 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.