CVE-2024-33434

Published: May 7, 2024

Modified: Apr 3, 2026

PUBLISHED

Description

An issue in tiagorlampert CHAOS v5.0.1 before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the `filename` argument into the `buildStr` string without any sanitization or filtering.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/tiagorlampert/CHAOS/pull/95

https://gist.github.com/slimwang/d1ec6645ba9012a551ea436679244496

https://web.archive.org/web/20240406061035/https://blog.chebuya.com/posts/remote-code-execution-on-chaos-rat-via-spoofed-agents/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-33434

Description

Affected Products

References