CVE-2020-7881 HIGH

CVE-2020-7881: AfreecaTV streamer service stack-based buffer overflow

Vendor Afreecatv
Product afreecatvstreamer.exe
Weakness CWE-190
Published November 26, 2021
Last update August 4, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

The vulnerable function is enabled when the AfreecaTV streamer service communicates over a WebSocket on port 21201. A stack-based buffer overflow leading to remote code execution was discovered in a strcpy() operation on the "FanTicket" field. It occurs because the data is stored without validating its length.

Key dates

02 Disclosure timeline

November 26, 2021 CVE published
August 4, 2024 Record updated