| Title | vivotek SD9364 VVTK-0103f buffer overflow |
|---|
| Description | vivotek SD9364 has stack buffer overflow vulnerability in httpd.The program receives the HTTP message sent by the attacker through the read function at line 77, and obtains the value of the Content-Length field through the code from lines 87 to 90, copying this value into a local variable on the stack. Since there is no length check on the value of the Content-Length field, the attacker can write data of any length to the stack, ultimately causing a stack overflow. |
|---|
| Source | ⚠️ https://yjz233.notion.site/vivotek-SD9364-has-stack-buffer-overflow-vulnerability-in-httpd-c9dabd0511d04093865d1d75110429d1?pvs=4 |
|---|
| User | jylsec (UID 60282) |
|---|
| Submission | 07/31/2024 15:32 (2 years ago) |
|---|
| Moderation | 08/02/2024 23:36 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 273526 [Vivotek SD9364 VVTK-0103f httpd read Content-Length stack-based overflow] |
|---|
| Points | 17 |
|---|