Skip to main content

Thc Hydra

1 CVEs product

Monthly

CVE-2026-56766 HIGH POC PATCH This Week

Remote code execution in THC Hydra through 9.7 allows a malicious or attacker-controlled server to compromise the machine running the Hydra brute-force client during NTLM authentication. When Hydra connects to such a server across its SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, or HTTP-Proxy-Urlenum modules, a crafted NTLM Type-2 challenge with an overlong domain string causes the base64-encoded response to overflow a 500-byte stack buffer by 18 to 330 bytes, enabling code execution on hosts lacking stack protection. No public exploit identified at time of analysis, but a vendor patch (commit 9cc84c2) is available, and the issue inverts the usual threat model - the operator of the offensive tool becomes the victim.

Buffer Overflow Stack Overflow RCE Thc Hydra
NVD GitHub VulDB Exploit-DB
CVSS 4.0
8.6
EPSS
0.5%
EPSS 0% CVSS 8.6
HIGH POC PATCH This Week

Remote code execution in THC Hydra through 9.7 allows a malicious or attacker-controlled server to compromise the machine running the Hydra brute-force client during NTLM authentication. When Hydra connects to such a server across its SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, or HTTP-Proxy-Urlenum modules, a crafted NTLM Type-2 challenge with an overlong domain string causes the base64-encoded response to overflow a 500-byte stack buffer by 18 to 330 bytes, enabling code execution on hosts lacking stack protection. No public exploit identified at time of analysis, but a vendor patch (commit 9cc84c2) is available, and the issue inverts the usual threat model - the operator of the offensive tool becomes the victim.

Buffer Overflow Stack Overflow RCE +1
NVD GitHub VulDB Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy