CVE-2021-47798

NoteBurner · Multiple Products

NoteBurner 2.35 contains a buffer overflow vulnerability in the license code input field, allowing attackers to trigger an application crash via a 6000-byte payload.

Executive summary

A critical buffer overflow vulnerability in NoteBurner 2.35 allows unauthenticated attackers to cause an application crash through malicious input.

Vulnerability

This is a buffer overflow vulnerability triggered by injecting an oversized 6000-byte payload into the application's 'Name' and 'Code' license fields. The vulnerability can be exploited by an unauthenticated attacker to destabilize the application.

Business impact

The CVSS score of 9.8 reflects the high potential for service disruption. While the current impact is limited to application crashes, such vulnerabilities can sometimes be leveraged for arbitrary code execution, leading to potential system compromise or data loss.

Remediation

Immediate Action: Update to the latest available version of the NoteBurner software as specified by the vendor's security advisory.

Proactive Monitoring: Review application logs for unexpected crashes or error patterns coinciding with license registration attempts.

Compensating Controls: Restrict access to the application's registration interface if possible, and ensure the host system is protected by endpoint security solutions.

Exploitation status

Public Exploit Available: None

Analyst recommendation

Given the critical severity score, administrators should prioritize updating affected NoteBurner installations immediately. Failure to patch leaves the application susceptible to denial-of-service attacks that could impact operational continuity.