# CVE-2026-36228: Easy Chat Server 3.1 Chat Message Denial of Service

## Summary

Easy Chat Server 3.1 contains a denial-of-service vulnerability in chat message handling. After authenticating as a valid user and establishing a chat session, a remote attacker can submit a message request with an oversized `mtowho` recipient field. A payload of approximately 40,000 `A` characters was observed to cause the Easy Chat Server process to terminate unexpectedly.

This repository is for authorized security research and local reproduction only. Do not use it against systems you do not own or have explicit permission to test.

## Discoverer

Vaibhav D. Barkade

## Vulnerable Component

- Vendor/Product: Easy Chat Server
- Affected version: 3.1
- Component: Easy Chat Server Chat Room
- Endpoint: `/body2.ghp`
- Parameter: `mtowho`
- Attack type: Remote
- Impact: Denial of Service

## Impact

An authenticated remote user can cause the chat service process to crash by sending an oversized recipient field in a chat message request. This results in loss of availability for connected users until the service is restarted.

## Reproduction

The PoC is dry-run by default:

```bash
python3 poc.py 127.0.0.1 80
```

To transmit the request against an authorized lab target:

```bash
python3 poc.py 127.0.0.1 80 --send
```

If an authenticated cookie is required:

```bash
python3 poc.py 127.0.0.1 80 --cookie 'SESSIONID=example' --send
```

The default oversized field is:

```text
mtowho=<40,000 A characters>
```

## Expected Result

On a vulnerable Easy Chat Server 3.1 instance, the server process may terminate immediately after processing the oversized chat message request.

## Root Cause

The chat message handler does not safely bound or validate the length of the `mtowho` recipient parameter before processing it.

## Mitigation

Enforce server-side length limits and recipient validation for `mtowho`. Reject oversized request fields before parsing or copying them into fixed-size buffers. Add defensive error handling around chat message processing and deploy the service with process supervision.
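As an added example (not the project's PoC or the vendor's code), a bounded form-field parser of the kind this mitigation describes: the `mtowho` value is length- and charset-checked before a single byte is copied into a fixed-size buffer, so the oversized field is rejected instead of processed. `MTOWHO_MAX`, the allowed recipient characters, and the helper names are assumptions; the inputs are constructed.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
#define MTOWHO_MAX 64 /* assumed limit; the real buffer size is not in the advisory */
enum parse_status { PARSE_OK = 0, PARSE_MISSING, PARSE_TOO_LONG, PARSE_BAD_CHAR };

/* Find "mtowho=" as a parameter of a form-encoded body and copy its value into
   out (capacity out_cap). Length and charset are checked before any byte is copied. */
enum parse_status extract_mtowho(const char *body, char *out, size_t out_cap)
{
    static const char key[] = "mtowho=";
    const size_t klen = sizeof key - 1;
    const char *p = body, *val = NULL;
    while (p && *p) {                         /* only test parameter starts */
        if (strncmp(p, key, klen) == 0) { val = p + klen; break; }
        p = strchr(p, '&');
        if (p) p++;
    }
    if (!val) return PARSE_MISSING;
    const char *end = strchr(val, '&');
    size_t len = end ? (size_t)(end - val) : strlen(val);
    if (len >= out_cap) return PARSE_TOO_LONG;  /* reject before copying */
    for (size_t i = 0; i < len; i++) {        /* assumed allowed name charset */
        unsigned char c = (unsigned char)val[i];
        if (!isalnum(c) && c != '_' && c != '-' && c != '.') return PARSE_BAD_CHAR;
    }
    memcpy(out, val, len);
    out[len] = '\0';
    return PARSE_OK;
}

/* Handler-style wrapper: parse into a local fixed-size buffer. */
enum parse_status mtowho_status(const char *body)
{
    char buf[MTOWHO_MAX];
    return extract_mtowho(body, buf, sizeof buf);
}

/* Constructed input shaped like the advisory's: n 'A' bytes in mtowho, then another field. */
enum parse_status check_repeated_a(size_t n)
{
    char *body = malloc(n + 32);
    if (!body) return PARSE_MISSING;
    memcpy(body, "mtowho=", 7);
    memset(body + 7, 'A', n);
    strcpy(body + 7 + n, "&msg=hi");
    enum parse_status s = mtowho_status(body);
    free(body);
    return s;
}
```

A rejected status should map to an HTTP error response and a log line, not to the crash path the advisory describes.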