| Title | Open Source libzvbi 0.2.43 Integer Overflow -> Heap Overflow (_vbi_strndup_iconv) |
|---|
| Description | The function _vbi_strndup_iconv has an integer overflow vulnerability that could result in an under-allocation and a crash.
char *_vbi_strndup_iconv(unsigned long *out_size, const char *dst_codeset,
                         const char *src_codeset, const char *src,
                         unsigned long src_size, int repl_char)
{
    if (same_codeset (dst_codeset, src_codeset)) {
        return strndup_identity (out_size, src, src_size);
    } ...
}
static char *strndup_identity(unsigned long *out_size, const char *src, unsigned long src_size)
{
    char *buffer;
    buffer = vbi_malloc (src_size + 4); // src_size is user controlled and LONG_MAX + 4 would result in an under allocation
    if (NULL == buffer) {
        if (NULL != out_size)
            *out_size = 0;
        return NULL;
    }
    memcpy (buffer, src, src_size); // copying a greater amount of bytes than the size of the under allocated buffer due to the arithmetic operation in malloc
    memset (buffer + src_size, 0, 4);
    if (NULL != out_size)
        *out_size = src_size;
    return buffer;
} |
|---|
| User | ninpwn (UID 82253) |
|---|
| Submitted | 2025-03-03 11:18 AM (1 year ago) |
|---|
| Moderation | 2025-03-11 07:06 AM (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 299204 [libzvbi up to 0.2.43 _vbi_strndup_iconv memory corruption] |
|---|
| Points | 17 |
|---|
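
The under-allocation in `strndup_identity` described above comes from `src_size + 4` wrapping around in unsigned arithmetic. The following is an added example, not code from libzvbi or from the submission, showing the wrapped request size next to a bounds-checked variant. The names `unchecked_alloc_size` and `strndup_identity_checked` are hypothetical, plain `malloc` stands in for `vbi_malloc`, and the input strings are constructed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Size the unchecked code passes to the allocator: unsigned
   arithmetic wraps modulo 2^N, so ULONG_MAX + 4 becomes 3. */
static unsigned long unchecked_alloc_size(unsigned long src_size)
{
    return src_size + 4;
}

/* Hypothetical hardened variant (name is not from libzvbi); plain
   malloc stands in for vbi_malloc. */
static char *strndup_identity_checked(unsigned long *out_size,
                                      const char *src,
                                      unsigned long src_size)
{
    char *buffer = NULL;

    /* Allocate only if src_size + 4 fits in both types involved. */
    if (src != NULL && src_size <= ULONG_MAX - 4 && src_size <= SIZE_MAX - 4)
        buffer = malloc((size_t)src_size + 4);

    if (buffer == NULL) {
        if (out_size != NULL)
            *out_size = 0;
        return NULL;
    }
    memcpy(buffer, src, src_size);
    memset(buffer + src_size, 0, 4);   /* 4 NUL bytes, as in the original */
    if (out_size != NULL)
        *out_size = src_size;
    return buffer;
}

int main(void)
{
    unsigned long n = 0;
    char *ok = strndup_identity_checked(&n, "teletext", 8); /* constructed input */
    char *bad = strndup_identity_checked(&n, "teletext", ULONG_MAX - 1);

    printf("unchecked request for ULONG_MAX - 1: %lu bytes\n",
           unchecked_alloc_size(ULONG_MAX - 1));
    printf("checked: ok=%s bad=%s\n", ok ? ok : "(null)", bad ? bad : "(null)");
    free(ok);
    return 0;
}
```

The check runs before any allocation or copy, so an oversized `src_size` is rejected without touching `src`.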