BufferOverflow in arnoldaldrin/binaries

Valid

Reported on

Aug 29th 2022


Description

Buffer Overflow is most commonly found in languages such as C and C++, where the size of a buffer must be defined up front. The program calls gets(), which does not check the input against the size assigned to the buffer. As a result, more data than the buffer can hold may be written into it, intentionally or unintentionally, causing a stack-based overflow.

Vulnerable code:

#include <stdio.h>
int main()
{
 int n,j,i;
 char buf[16];   /* assumed: the report elides the declaration of the buffer gets() writes into */
 printf("Enter the no. of processes:");
 gets(buf);      /* unbounded read: nothing limits how many bytes land in buf */
 
.
.
.

Proof of Concept

python -c 'print("A"*5000)' | ./fcfs 

Result:  Segmentation fault (core dumped) 
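A bounded replacement for the gets() call above, added here as an example (not code from the arnoldaldrin/binaries repository): fgets() can never write past the fixed buffer, an over-long line such as the 5000-byte PoC is rejected and drained instead of overflowing, and the value is range-checked. The buffer size, the upper bound of 1000 and the helper names are assumptions.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

#define LINE_MAX_LEN  32    /* assumed buffer size; fgets() never writes past it */
#define MAX_PROCESSES 1000  /* assumed sane upper bound for the process count */

/* Bounded replacement for the report's gets() call: read one line into a fixed
 * buffer and parse it as a process count. Returns the count, or -1 if the line
 * is too long for the buffer, not an integer, or out of range. */
int read_process_count(FILE *in)
{
    char buf[LINE_MAX_LEN];
    char *end;
    long val;
    if (fgets(buf, sizeof buf, in) == NULL)
        return -1;                                   /* EOF or read error */
    /* No newline and not at EOF: the line did not fit and the excess is still in
     * the stream. Reject it and drain the remainder rather than overflow. */
    if (strchr(buf, '\n') == NULL && !feof(in)) {
        int c;
        while ((c = fgetc(in)) != EOF && c != '\n') { }
        return -1;
    }
    errno = 0;
    val = strtol(buf, &end, 10);
    if (end == buf || (*end != '\n' && *end != '\0'))
        return -1;                                   /* not a clean integer */
    if (errno == ERANGE || val < 1 || val > MAX_PROCESSES)
        return -1;                                   /* out of range */
    return (int)val;
}

/* Replays the report's PoC in memory: parses a line of `n` copies of `ch` plus a
 * newline (ch='A', n=5000 mirrors the python one-liner above). */
int read_process_count_repeated(char ch, size_t n)
{
    char *s = malloc(n + 1);
    FILE *f;
    int r = -1;
    if (s == NULL) return -1;
    memset(s, ch, n);
    s[n] = '\n';
    f = fmemopen(s, n + 1, "r");
    if (f != NULL) { r = read_process_count(f); fclose(f); }
    free(s);
    return r;
}
```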

Impact

  1. Arbitrary code execution and elevation of privilege

  2. DoS (Denial of Service)

Occurrences

Arnold Aldrin assigned a CVE to this report a month ago
Arnold Aldrin validated this vulnerability a month ago
Kiran PP has been awarded the disclosure bounty
Arnold Aldrin confirmed that a fix has been merged on be8e7c a month ago
FCFS.c#L6 has been validated