CVE-2013-5680
Published 2014-04-06
CVE-2013-5680: Heap-based buffer overflow in hfaxd in HylaFAX+ 5.2.4 through 5.5.3, when using LDAP authentication, might allow remote attackers to cause a denial of service…
Priority: P344 · medium · 6.8 · CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 7.85% (94.0th percentile)
Heap-based buffer overflow in hfaxd in HylaFAX+ 5.2.4 through 5.5.3, when using LDAP authentication, might allow remote attackers to cause a denial of service (child hang) or execute arbitrary code via a long USER command.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | hylafax | — | — |
| lee_howard | hylafax | — | — |
| lee_howard | hylafax | — | — |
| lee_howard | hylafax | — | — |
| lee_howard | hylafax | — | — |
| lee_howard | hylafax | — | — |
| lee_howard | hylafax | — | — |
| lee_howard | hylafax | — | — |
| lee_howard | hylafax | — | — |
| lee_howard | hylafax | — | — |
| lee_howard | hylafax | — | — |
| lee_howard | hylafax | — | — |
| lee_howard | hylafax | — | — |
| lee_howard | hylafax | — | — |
CVSS provenance
nvd · v2.0 · 6.8 · MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_debian · 6.8 · LOW
VulDB
Lee Howard HylaFAX+ up to 5.4.2 LDAP Authentication memory corruption (EDB-28683 / Nessus ID 76348)
vuldb·2026-05-09·CVSS 6.8
CVE-2013-5680 [MEDIUM] Lee Howard HylaFAX+ up to 5.4.2 LDAP Authentication memory corruption (EDB-28683 / Nessus ID 76348)
A vulnerability classified as critical was found in Lee Howard HylaFAX+ up to 5.4.2. This impacts an unknown function of the component LDAP Authentication. Such manipulation leads to memory corruption.
This vulnerability is listed as CVE-2013-5680. The attack may be performed from remote. In addition, an exploit is available.
GHSA
GHSA-429p-2j54-mp97: Heap-based buffer overflow in hfaxd in HylaFAX+ 5
ghsa_unreviewed·2022-05-17
CVE-2013-5680 [MEDIUM] CWE-119 GHSA-429p-2j54-mp97: Heap-based buffer overflow in hfaxd in HylaFAX+ 5
Heap-based buffer overflow in hfaxd in HylaFAX+ 5.2.4 through 5.5.3, when using LDAP authentication, might allow remote attackers to cause a denial of service (child hang) or execute arbitrary code via a long USER command.
Debian
CVE-2013-5680: hylafax - Heap-based buffer overflow in hfaxd in HylaFAX+ 5.2.4 through 5.5.3, when using ...
vendor_debian·2013·CVSS 6.8
CVE-2013-5680 [MEDIUM] CVE-2013-5680: hylafax - Heap-based buffer overflow in hfaxd in HylaFAX+ 5.2.4 through 5.5.3, when using ...
Heap-based buffer overflow in hfaxd in HylaFAX+ 5.2.4 through 5.5.3, when using LDAP authentication, might allow remote attackers to cause a denial of service (child hang) or execute arbitrary code via a long USER command.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
Bugzilla
CVE-2013-5680 hylafax+: heap overflow in HylaFAXServer::ldapCheck triggered by long user name
bugzilla·2013-10-01·CVSS 6.8
CVE-2013-5680 [MEDIUM] CVE-2013-5680 hylafax+: heap overflow in HylaFAXServer::ldapCheck triggered by long user name
Hylafax, an enterprise-class open-source system for sending and receiving facsimiles as well as for sending alpha-numeric pages, was found to have a heap overflow vulnerability, which could allow a remote attacker to crash the hfaxd forked client.
Quoting Dennis Jenkins's Bugtraq post:
Hylafax+ contains a daemon, hfaxd, that allows a "fax client" to communicate with the fax server to submit fax jobs etc. The code path for authenticating users via LDAP allocates a 255-byte buffer, and then "strcats" user-supplied data buffered from the inbound FTP control channel. Other code limits the amount of copied data to 506 bytes, and truncates on NULL and "\n". Thus it is possible for an unauthenticated
Bugzilla
CVE-2013-5680 hylafax+: heap overflow, unchecked network traffic. [epel-all]
bugzilla·2013-10-01·CVSS 6.8
CVE-2013-5680 [MEDIUM] CVE-2013-5680 hylafax+: heap overflow, unchecked network traffic. [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue
Bugzilla
CVE-2013-5680 hylafax+: heap overflow, unchecked network traffic. [fedora-all]
bugzilla·2013-10-01·CVSS 6.8
CVE-2013-5680 [MEDIUM] CVE-2013-5680 hylafax+: heap overflow, unchecked network traffic. [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue af
http://hylafax.sourceforge.net/news/5.5.4.php
http://securitytracker.com/id?1029119
http://www.exploit-db.com/exploits/28683
http://www.securityfocus.com/archive/1/528943
http://www.securityfocus.com/bid/62729