提出 #855110: Tomato by Shibby Tomato Firmware 1.28 Stack-based Buffer Overflow情報

タイトルTomato by Shibby Tomato Firmware 1.28 Stack-based Buffer Overflow
説明All three apcupsd CGI programs share a common getupsvar() function that retrieves UPS status data from the apcupsd daemon via TCP port 3551. For 31 out of 37 recognized field names (those with internal flag v11 == 1), the function extracts the field value using: sscanf(line_ptr, "%*s %*s %s", caller_buffer); The %s format specifier has no field-width limiter and writes unlimited bytes until whitespace. The caller-supplied buffer size parameter (a4) is present in the function signature but completely ignored in this code path. Typical callers pass 64-byte stack buffers.
ソース⚠️ https://gitee.com/Fengyi-Wang/CVE/issues/IJTQ5M
ユーザー
 Anonymous User
送信2026年06月10日 15:53 (1 月 ago)
モデレーション2026年07月12日 23:01 (1 month later)
ステータス承諾済み
VulDBエントリ377894 [Shibby Tomato 迄 1.28.0000 apcupsd tomatodata.cgi getupsvar フィールド メモリ破損]
ポイント20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!