o AfreecaTV Co.,Ltd released security update to address stack-d buffer overflow vulnerability in streamer service.
|stack-d buffer overflow
||remote code execution
o The vulnerability function is enabled when the streamer service related to the AfreecaTV communicated through web socket using 21201 port.
o A stack-d buffer overflow leading to remote code execution was discovered in strcpy() operate by "FanTicket" field.
It is because of stored data without validation of length.
□ Affected Product
o Update software over afreecatvstreamer.exe 2020.09.24 or higher.
o Thanks to Gyuho Lee for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀