BufferOverflow in arnoldaldrin/binaries


Reported on Aug 29th 2022


Buffer overflows are most commonly found in languages such as C and C++, where the size of a buffer must be fixed when it is declared. The program calls gets(), which performs no bounds check against the size assigned to the buffer. As a result, more data can be written into the buffer than it can hold, intentionally or unintentionally, which causes a stack-based overflow.

Vulnerable code (FCFS.c, as excerpted in the report):

#include <stdio.h>
int main() {
    int n, j, i;
    printf("Enter the no. of processes:");
    /* the gets() call the report describes follows here in FCFS.c; not shown on the page */
}

Proof of Concept

python -c 'print("A"*5000)' | ./fcfs 

Result:  Segmentation fault (core dumped) 


Impact:

  1. Arbitrary code execution and elevation of privilege

  2. DoS (Denial of Service)

The PoC above demonstrates only the crash (item 2). Turning the overflow into code execution would additionally depend on the binary's build (stack canary, NX, PIE/ASLR) and on controlling the saved return address, none of which is shown in this report.
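Added example (not code from the arnoldaldrin/binaries repository): the unbounded gets() pattern the report describes, shown as a comment beside a hardened reader for the same "no. of processes" prompt, with the PoC's oversized line (5000 'A's) fed through the hardened version. The buffer size COUNT_LINE_MAX, the function names and the use of fmemopen() to feed constructed input are assumptions made for this example; the real FCFS.c is not reproduced on this page.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <limits.h>

/* Stack buffer size for the "no. of processes" line.
 * Assumed for this example; the report does not state the real size. */
#define COUNT_LINE_MAX 32

/*
 * Vulnerable pattern as the report describes it (left as a comment: gets()
 * was removed in C11 and modern libcs refuse to link it). Nothing bounds the
 * copy, so the PoC's 5000 'A's run past buf into the saved stack frame:
 *
 *     int read_count_unsafe(void)
 *     {
 *         char buf[COUNT_LINE_MAX];
 *         gets(buf);            // copies until newline/EOF, whatever the length
 *         return atoi(buf);     // and no validation of the value either
 *     }
 */

/* Hardened replacement. fgets() bounds the copy to sizeof buf - 1 bytes, an
 * oversized line is drained and rejected instead of silently truncated, and
 * strtol() validates the number. Returns 0 and stores the count on success,
 * -1 on EOF, malformed or oversized input. */
int read_count_safe(FILE *in, int *out)
{
    char buf[COUNT_LINE_MAX];

    if (fgets(buf, sizeof buf, in) == NULL)
        return -1;                      /* EOF or read error */

    size_t len = strlen(buf);
    if (len == 0)
        return -1;

    if (buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
    } else if (!feof(in)) {
        /* Line longer than the buffer: consume the remainder so the next
         * read starts on a fresh line, then reject the whole line. */
        int c;
        while ((c = fgetc(in)) != EOF && c != '\n')
            ;
        return -1;
    }

    errno = 0;
    char *end;
    long v = strtol(buf, &end, 10);
    if (end == buf || *end != '\0')     /* empty, non-numeric, or trailing junk ("12x") */
        return -1;
    if (errno == ERANGE || v < 1 || v > INT_MAX)
        return -1;                      /* not a usable process count */

    *out = (int)v;
    return 0;
}

/* Test helper: run the reader over constructed in-memory input instead of stdin. */
int parse_count_from_string(const char *text, int *out)
{
    FILE *f = fmemopen((void *)text, strlen(text), "r");
    if (f == NULL)
        return -1;
    int rc = read_count_safe(f, out);
    fclose(f);
    return rc;
}

/* Reproduces the PoC's input shape: n copies of 'A', a newline, then a
 * well-formed second line "7". Returns 0 only if the oversized line is
 * rejected AND the following line still parses, proving the drain works. */
int check_oversized_line(size_t n)
{
    char *text = malloc(n + 4);         /* 'A' * n + "\n7\n" + NUL */
    if (text == NULL)
        return -1;
    memset(text, 'A', n);
    memcpy(text + n, "\n7\n", 4);

    FILE *f = fmemopen(text, n + 3, "r");
    if (f == NULL) {
        free(text);
        return -1;
    }
    int v = 0;
    int first = read_count_safe(f, &v);
    int second = read_count_safe(f, &v);
    fclose(f);
    free(text);

    return (first == -1 && second == 0 && v == 7) ? 0 : -1;
}

int main(void)
{
    int n;
    printf("Enter the no. of processes:");
    fflush(stdout);
    if (read_count_safe(stdin, &n) != 0) {
        fputs("\ninvalid process count\n", stderr);
        return 1;
    }
    printf("Processes: %d\n", n);
    return 0;
}
```

Compile and pipe the report's PoC into it (`python -c 'print("A"*5000)' | ./a.out`) and the program exits with "invalid process count" instead of a segmentation fault. The reader rejects an over-long line rather than keeping its first 31 bytes because silent truncation would turn a long numeric line into a different, unintended value.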


We are processing your report and will contact the arnoldaldrin/binaries team within 24 hours. a month ago
Arnold Aldrin assigned a CVE to this report a month ago
Arnold Aldrin gave praise a month ago
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
Arnold Aldrin validated this vulnerability a month ago
Kiran PP has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7


Arnold Aldrin confirmed that a fix has been merged on be8e7c a month ago
The fix bounty has been dropped
FCFS.c#L6 has been validated