Bug #3593

closed

Stack overflow when parsing ERF file

Added by Fakhri Zulkifli almost 4 years ago. Updated almost 4 years ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty: low
Label:

Description

Despite the low possibility of a potential threat, the unchecked rlen in the ReadErfRecord function will cause a stack overflow when the value assigned is below sizeof(DagRecord).

    int rlen = SCNtohs(dr.rlen);
    int wlen = SCNtohs(dr.wlen);
    r = fread(GET_PKT_DATA(p), rlen - sizeof(DagRecord), 1, etv->erf);
    if (r < 1) {

Files

poc.erf (4 KB) Fakhri Zulkifli, 04/03/2020 10:39 AM
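The length arithmetic from the report, next to a reader that validates `rlen` before calling `fread`. This is an added example, not code from the project or its fix. `HDR_LEN`, `RLEN_OFF`, `unchecked_payload_len`, `read_record_checked` and `parse_sample` are hypothetical names, and the header size, field offset and buffer sizes are assumptions standing in for `DagRecord` and the packet buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN  16u  /* assumed header size, stand-in for sizeof(DagRecord) */
#define RLEN_OFF 10u  /* assumed offset of the big-endian rlen field */

/* The unchecked expression: int - size_t is evaluated as size_t, so an
 * rlen below the header size wraps to a huge read length. */
size_t unchecked_payload_len(uint16_t rlen)
{
    int r = rlen;
    return r - (size_t)HDR_LEN;
}

/* Read one record into buf. Returns the payload length, or -1 when the
 * file is truncated, rlen < header size, or the payload exceeds buf_len. */
long read_record_checked(FILE *f, uint8_t *buf, size_t buf_len)
{
    uint8_t hdr[HDR_LEN];
    if (fread(hdr, sizeof(hdr), 1, f) != 1)
        return -1;
    uint16_t rlen = (uint16_t)((hdr[RLEN_OFF] << 8) | hdr[RLEN_OFF + 1]);
    if (rlen < HDR_LEN)
        return -1;                      /* subtraction would wrap */
    size_t payload = (size_t)rlen - HDR_LEN;
    if (payload > buf_len)
        return -1;                      /* read would overrun buf */
    if (payload > 0 && fread(buf, payload, 1, f) != 1)
        return -1;
    return (long)payload;
}

/* Constructed sample: header with the given rlen plus n zero bytes. */
long parse_sample(uint16_t rlen, size_t n, size_t buf_len)
{
    uint8_t hdr[HDR_LEN] = {0}, pay[64] = {0}, buf[64];
    FILE *f = (n <= sizeof(pay) && buf_len <= sizeof(buf)) ? tmpfile() : NULL;
    if (!f)
        return -2;                      /* sample too large or no temp file */
    hdr[RLEN_OFF] = (uint8_t)(rlen >> 8);
    hdr[RLEN_OFF + 1] = (uint8_t)(rlen & 0xff);
    fwrite(hdr, sizeof(hdr), 1, f);
    fwrite(pay, 1, n, f);
    rewind(f);
    long r = read_record_checked(f, buf, buf_len);
    fclose(f);
    return r;
}
```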