| Titel | **Multiple Stack-Based Buffer Overflow Vulnerabilities in Hospital Management System** v1.0 Buffer Overflow |
|---|
| Beschreibung | A stack-based buffer overflow vulnerability exists in the add_item function of the PRODUCT_MANAGEMENT_SYSTEM. The vulnerability arises from the use of the unsafe gets() function to populate fixed-size character arrays (name[30] and disease[30]) within the x[100] array. Since gets() does not perform bounds checking, input longer than 29 characters will overflow the buffers.
This overflow can corrupt adjacent memory on the stack, including other patient records within the array, saved registers, local variables, and even the function's return address. As a result, attackers may exploit this flaw to cause a denial of service (DoS) or execute arbitrary code through crafted inputs. |
|---|
| Quelle | ⚠️ https://github.com/zzzxc643/cve/blob/main/Hospital%20Management%20System.md |
|---|
| Benutzer | zzzxc (UID 81185) |
|---|
| Einreichung | 29.04.2025 07:23 (vor 12 Monaten) |
|---|
| Moderieren | 09.05.2025 14:43 (10 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 308215 [code-projects Simple Hospital Management System 1.0 Add Information add x[i].name/x[i].disease Pufferüberlauf] |
|---|
| Punkte | 20 |
|---|