본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory

CVE-2020-7881 | AfreecaTV streamer service stack-based buffer overflow2021.11.25
□ Overview
 o AfreecaTV Co.,Ltd released security update to address stack-d buffer overflow vulnerability in streamer service.
Vulnerability
Vulnerability Type Impact Severity CVSS Score CVE ID
stack-d buffer overflow remote code execution High 7.5 CVE-2020-7881

□ Description
 o The vulnerability function is enabled when the streamer service related to the AfreecaTV communicated through web socket using 21201 port.
 o A stack-d buffer overflow leading to remote code execution was discovered in strcpy() operate by "FanTicket" field.
It is because of stored data without validation of length.

□ Affected Product
Affected Product
Product Version Platform
afreecatvstreamer.exe 1.0.0.1 Windows

□ Solution
 o Update software over afreecatvstreamer.exe 2020.09.24 or higher.

□ Reference
 [1] https://afreecatv.com

□ Etc
 o Thanks to Gyuho Lee for reporting this vulnerability.


□ 작성 : 침해사고분석단 취약점분석팀