| タイトル | libretro RetroArch v1.20.0/v1.19.0/v1.18.0 Out-of-Bounds Read |
|---|
| 説明 | Title:
Out-of-Bounds Read in filestream_vscanf() of libretro RetroArch due to Missing sscanf() Result Check
Description:
A vulnerability in the filestream_vscanf() function of libretro's RetroArch (latest version at time of reporting) allows an attacker to trigger an out-of-bounds read due to improper handling of the return value from sscanf(). Specifically, the code fails to verify whether sscanf() returns 0, which results in the use of an uninitialized or attacker-controlled sublen value. This variable is used to increment a buffer iterator (bufiter), leading to out-of-bounds memory access.
An attacker can exploit this by crafting malicious format strings such as %*d%s or %d%*d%s, which can either leave sublen uninitialized or influence its value directly, enabling controlled memory leaks. This could expose sensitive data or lead to application instability. Found by Simcha Kosman
Affected Component:
filestream_vscanf() in libretro-common/streams/file_stream.c - https://github.com/libretro/RetroArch/blob/6c7522fef85825a1e376d5c11828f59134fda8d3/libretro-common/streams/file_stream.c#L298
Fixed At:
https://github.com/libretro/RetroArch/pull/17555 |
|---|
| ユーザー | simkca (UID 81003) |
|---|
| 送信 | 2025年07月17日 12:03 (9 月 ago) |
|---|
| モデレーション | 2025年08月19日 07:31 (1 month later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 320516 [libretro RetroArch 1.18.0/1.19.0/1.20.0 file_stream.c filestream_vscanf 情報漏えい] |
|---|
| ポイント | 17 |
|---|