GHSA-34r7-v6pv-xq6vMediumCVSS 6.5

Vinchin Backup & Recovery through 9.0.0.86562 contains a stack buffer overflow vulnerability in...

Published
July 9, 2026
Last Modified
July 9, 2026

🔗 CVE IDs covered (1)

📋 Description

Vinchin Backup & Recovery through 9.0.0.86562 contains a stack buffer overflow vulnerability in the ModuleHandShake function of the agentlink_server service that allows unauthenticated remote attackers to overwrite the saved return address by supplying an oversized _listen_uuid field that is measured via strlen() and copied without bounds checking into a fixed-length stack buffer using strcpy(). Attackers can send a crafted request with a malicious _listen_uuid value to corrupt the stack and achieve process crash or potential control flow hijack without requiring authentication.

🔗 References (5)