CVE-2023-54330
Published: 13 January 2026
Summary
CVE-2023-54330 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Inbit Messenger. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 34.6% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly enforces bounds checking and validation of incoming network packets to prevent the stack-based buffer overflow from malformed data.
- Provides memory safeguards such as DEP and ASLR to block SEH overwrite and arbitrary code execution even if the overflow occurs.
- Requires identification, reporting, and correction of the specific buffer overflow flaw, including applying vendor patches when available.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2023-54330 is a remote, unauthenticated buffer overflow in a network-facing messenger application, enabling arbitrary code execution, which directly maps to exploitation of public-facing applications.
NVD Description
Inbit Messenger versions 4.6.0 to 4.9.0 contain a remote stack-based buffer overflow vulnerability that allows unauthenticated attackers to execute arbitrary code by sending malformed network packets. Attackers can craft a specially designed payload targeting the messenger's network handler to overwrite the Structured Exception Handler (SEH) and execute shellcode on vulnerable Windows systems.
Deeper analysis
CVE-2023-54330 is a remote stack-based buffer overflow vulnerability (CWE-121, CWE-787) affecting Inbit Messenger versions 4.6.0 through 4.9.0. The flaw resides in the messenger's network handler on vulnerable Windows systems, where insufficient bounds checking on incoming network packets leads to a buffer overflow. This critical issue, assigned a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), was published on 2026-01-13.
Unauthenticated attackers can exploit this vulnerability remotely by crafting and sending specially designed malformed network packets. The payload targets the stack to overwrite the Structured Exception Handler (SEH), enabling arbitrary code execution and shellcode deployment on the affected system. No user interaction or privileges are required, making it highly accessible over the network.
Advisories and resources, including those from VulnCheck and public exploit writeups on Exploit-DB (exploit 51126) and GitHub repositories by a-rey, detail the vulnerability and provide proof-of-concept exploits. An archived review of Inbit Messenger Basic Edition is also referenced, though specific patch availability or mitigation steps are not outlined in the core CVE details. Security practitioners should consult these references for technical deep dives and exploit reproductions.
Details
- CWE(s)