Submit #566526: MOVIE TICKET BOOKING SYSTEM Buffer Overflow in Password Authentication Function v1.0 Buffer Overflowinfo

TitleMOVIE TICKET BOOKING SYSTEM Buffer Overflow in Password Authentication Function v1.0 Buffer Overflow
DescriptionA stack-based buffer overflow vulnerability exists in the `changeprize` function of the `PRODUCT_MANAGEMENT_SYSTEM`. The vulnerability is caused by the use of `scanf("%s", &pass)` to read user input into a fixed-size buffer `pass[10]`, which can only safely hold 9 characters plus a null terminator. Since `scanf("%s")` does not enforce any length restriction, input of 10 or more bytes will overflow the buffer. This overflow can lead to memory corruption, overwriting the adjacent hard-coded password buffer `pak[10]`, and potentially tampering with the function’s return address depending on the stack layout. This flaw can be exploited to cause a denial of service (DoS) or execute arbitrary code.
Source⚠️ https://github.com/zzzxc643/cve/blob/main/MOVIE_TICKET_BOOKING_SYSTEM.md
User
 zzzxc (UID 81185)
Submission04/28/2025 09:04 (1 Year ago)
Moderation05/09/2025 13:41 (11 days later)
StatusDuplicate
VulDB entry306505 [code-projects Simple Movie Ticket Booking System 1.0 changeprize stack-based overflow]
Points0

Want to know what is going to be exploited?

We predict KEV entries!