إرسال #855121: Tomato by Shibby Tomato Firmware Tomato v1.28 RT-N5x MIPSR2 build 132 Max Stack-based Buffer Overflowالمعلومات

عنوانTomato by Shibby Tomato Firmware Tomato v1.28 RT-N5x MIPSR2 build 132 Max Stack-based Buffer Overflow
الوصفsub_407220 renders DNS server information into a JavaScript array. It allocates a fixed 128-byte stack buffer and appends each DNS entry with sprintf(&buf[strlen(buf)], ...) in a loop. The number of entries is taken from get_dns(), and the function does not verify that the accumulated string still fits in the destination buffer. char buf[128]; dns = get_dns(); strcpy(buf, "\ndns = ["); for (i = 0; i < dns[0]; ++i) { size_t len = strlen(buf); char *ip = inet_ntoa((struct in_addr)dns[2 * i + 1]); sprintf(&buf[len], "%s'%s:%u'", i ? "," : "", ip, port); } strcat(buf, "];\n"); web_puts(buf); With 8 ordinary DNS entries, the generated string reaches approximately 146 bytes before the final NUL terminator, exceeding the 128-byte stack buffer.
المصدر⚠️ https://gitee.com/Fengyi-Wang/CVE/issues/IJTQ5R
المستخدم
 Cormac315 (UID 97273)
ارسال10/06/2026 04:08 PM (1 شهر منذ)
الاعتدال12/07/2026 11:01 PM (1 month later)
الحالةتمت الموافقة
إدخال VulDB377898 [Shibby Tomato حتى 1.28.0000 DNS List Rendering /usr/sbin/httpd sub_407220 تلف الذاكرة]
النقاط20

Want to know what is going to be exploited?

We predict KEV entries!