| Title | Davide Faconti BehaviorTree 4.7.0 / master commit 8d47d39 Stack-based Buffer Overflow |
|---|
| Description | BehaviorTree.CPP version 4.7.0 (master commit 8d47d39) contains a stack-buffer-overflow vulnerability in the script parser.
The vulnerable function ParseScript() (in src/script_parser.cpp) allocates a fixed-size buffer on the stack. The buffer is used to store diagnostic messages produced by ErrorReport. However, these messages can exceed 2048 bytes in length, which causes writes beyond the bounds of error_msgs_buffer. This results in a stack-buffer-overflow, confirmed by AddressSanitizer. |
|---|
| Source | ⚠️ https://github.com/BehaviorTree/BehaviorTree.CPP/issues/1006 |
|---|
| User | sand (UID 90194) |
|---|
| Submission | 09/14/2025 10:36 (7 months ago) |
|---|
| Moderation | 09/26/2025 08:34 (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 325955 [BehaviorTree up to 4.7.0 Diagnostic Message /src/script_parser.cpp ParseScript error_msgs_buffer stack-based overflow] |
|---|
| Points | 20 |
|---|