[Original text] Buffer overflow in the strip_html_tags method for Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors involving HTML tags.
Gyach Enhanced util.c strip_html_tags() Function Overflow
Remote / Network Access
Denial of Service,
Loss of Integrity,
Loss of Availability
A remote overflow exists in Gyach Enhanced. The strip_html_tags() function fails to properly check for the end of the line, resulting in a buffer overflow. With a specially crafted request, an attacker can cause the application to crash or execute arbitrary code, resulting in a loss of integrity or availability.
Upgrade to version 1.0.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
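
The missing end-of-line check described above, shown in its corrected form as an added C example. This is not Gyach-E's code, which the page does not show; the function name `strip_tags_bounded` and the sample strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Gyach-E source): copy `in` to `out` with
 * <...> tags removed. Writes at most outsz-1 bytes plus a NUL and
 * returns the number of bytes written, excluding the NUL. */
size_t strip_tags_bounded(const char *in, char *out, size_t outsz)
{
    size_t n = 0;
    int in_tag = 0;

    if (outsz == 0)
        return 0;

    /* The loop condition is the end-of-string check. A scanner that
     * instead searches for '>' with no terminator test runs off the
     * end of the buffer when a '<' is never closed. */
    for (const char *p = in; *p != '\0'; p++) {
        if (in_tag) {
            if (*p == '>')
                in_tag = 0;
            continue;
        }
        if (*p == '<') {
            in_tag = 1;
            continue;
        }
        if (n + 1 >= outsz)   /* keep room for the terminating NUL */
            break;
        out[n++] = *p;
    }
    out[n] = '\0';
    return n;
}

int main(void)
{
    char buf[16];
    /* Constructed input: the second tag is never closed. */
    size_t n = strip_tags_bounded("<b>hi</b> there<font color=", buf, sizeof buf);
    printf("%zu bytes: \"%s\"\n", n, buf);
    return 0;
}
```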