TeamSpeak Client 3.1.4 Buffer Overflow

TeamSpeak client version 3.1.4 suffers from a buffer overflow vulnerability.


MD5 | 1f1a3b3338d2e5fb5928af1b782cc97d

#################################################################################################
#
# Title : TeamSpeak Client v3.1.4 - Buffer Overflow Vulnerability
# Severity : Medium+/High
# Reporter(s) : Christian Galeone
# Software Name : TeamSpeak Client 3.1.4 & TeamSpeak Server 3.0.13.6
# Vendor Home : http://teamspeak.com/
# Date(s) : 25/04/2017 - By Christian Galeone
# Tested in : Win10 - TeamSpeak Client 3.1.4 (12/04/2017 12:36:18) on Windows
# TeamSpeak Server 3.0.13.6 (08/11/2016 09:48:33) on Linux
# CVE(s) : CVE-2017-8290
#
##################################################################################################
#
# Effects:
#
# Client Crash (You) - Windows Clients ONLY.
#
# Note:
#
# For successfully reproduce the Issue, the following chars needs to be inserted inside the Name of a Channel.
#
# PoC:
#
# Insert the following Special Characters (add as much as you can - Copy and Paste x2):
#
# aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
#
# Fix:
#
# - Remove the affected channel from a non-affected OS or remove it using YaTQA.
#
# - Exclude that charset from the standard characters used by TeamSpeak.
#
# - Update the version of your Client and Server -
#
# http://www.teamspeak.com/?page=downloads
#
# Credit(s):
#
# Christian Galeone
#
##################################################################################################

Related Posts