Description
Buffer Overflow vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the chat message functionality.
Published: 2026-05-22
Score: 7.3 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a buffer overflow in the chat message parsing logic of Easy Chat Server 3.1. A remote attacker can send a specially crafted message that overflows a stack buffer, exposing sensitive information and allowing arbitrary code execution in the context of the server process. The flaw is classified as CWE-120 and compromises both confidentiality and integrity, giving the attacker complete control over the server and potentially the underlying host.

Affected Systems

The affected product is Easy Chat Server version 3.1. No earlier or later versions are publicly identified as vulnerable. Customers running this exact version are exposed; the advisory provides no vendor labels.

Risk and Exploitability

The attack vector is remote over the network via the standard message endpoint. EPSS data is not available, but the absence of a patch and the remote nature of the exploit mean that any attacker with network access could trigger the overflow at any time. The vulnerability is not listed in CISA's KEV catalog; its CVSS score of 7.3 (High) nonetheless represents a significant risk for any deployed instance.

Generated by OpenCVE AI on May 22, 2026 at 19:54 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply an up-to-date patch or upgrade to a version of Easy Chat Server that fixes the message parsing routine.
  • If no patch is available, restrict inbound traffic so that only trusted clients can reach the server, and drop or block packets larger than the maximum permitted message size at the network or firewall level.
  • Add an application-level validation layer that checks incoming chat messages for size limits and acceptable formatting before the server processes them.

Advisories

No advisories yet.

History

Fri, 22 May 2026 20:15:00 +0000

  Type: Title
  Values added: Remote Code Execution via Buffer Overflow in Easy Chat Server 3.1

Fri, 22 May 2026 18:45:00 +0000

  Type: Title
  Values added: Remote Code Execution via Buffer Overflow in Easy Chat Server 3.1

Fri, 22 May 2026 18:15:00 +0000

  Type: Weaknesses
  Values added: CWE-120

  Type: Metrics
  Values added:
    cvssV3_1: score 7.3, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
    ssvc (version 2.0.3): Automatable: no, Exploitation: none, Technical Impact: partial


Fri, 22 May 2026 17:15:00 +0000

  Type: Description
  Values added: Buffer Overflow vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the chat message functionality

  Type: References
  Values added: (none listed)

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-22T17:38:26.966Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36228

Vulnrichment

Updated: 2026-05-22T17:38:22.838Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-22T20:00:13Z

Weaknesses