[原文]SMART SynchronEyes Student and Teacher 6.0, and possibly earlier versions, allows remote attackers to cause a denial of service (memory consumption) via a certain packet to the Teacher discovery port that causes SynchronEyes to connect to the attacker's machine and read a value that is used as a parameter to malloc.
SynchronEyes Crafted Packet Memory Consumption DoS
Remote / Network Access
Denial of Service
Loss of Availability
Flaws in the communication handling and the input validation of SMART SynchronEyes can be exploited by an attacker to cause the application to allocate a large amount of memory resources on a vulnerable system, creating a denial of service condition.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.