| शीर्षक | Open Source libzvbi 0.2.43 Integer Overflow -> Heap Overflow (_vbi_strndup_iconv) |
|---|
| विवरण | The function _vbi_strndup_iconv has an integer overflow vulnerability that could result in an under allocation and a crash.
char *_vbi_strndup_iconv(unsigned long *out_size, const char *dst_codeset,const char *src_codeset, const char * src, unsigned long src_size, int repl_char)
{
if (same_codeset (dst_codeset, src_codeset)) {
return strndup_identity (out_size, src, src_size);
} ...
}
static char *strndup_identity(unsigned long *out_size, const char *src, unsigned long src_size)
{
char *buffer;
buffer = vbi_malloc (src_size + 4); // src_size is user controlled and LONG_MAX + 4 would result in an under allocation
if (NULL == buffer) {
if (NULL != out_size)
*out_size = 0;
return NULL;
}
memcpy (buffer, src, src_size); // copying a greater amount of bytes than the size of the under allocated buffer due to the arithmetic operation in malloc
memset (buffer + src_size, 0, 4);
if (NULL != out_size)
*out_size = src_size;
return buffer;
} |
|---|
| उपयोगकर्ता | ninpwn (UID 82253) |
|---|
| सबमिशन | 03/03/2025 11:18 AM (1 वर्ष पहले) |
|---|
| संयम | 11/03/2025 07:06 AM (8 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 299204 [libzvbi तक 0.2.43 _vbi_strndup_iconv बफ़र ओवरफ़्लो] |
|---|
| अंक | 17 |
|---|