Stack-buffer-overflow in libcoap #1310
Comments
@msxfXF Thank you for raising this. I can see how there is a potential issue, but cannot reproduce what you are seeing. I am seeing (because there appears to be a '\000' immediately after Data)
What version of libcoap are you using?
How did you build the libcoap library?
@mrdeep1
Issue was with handling \r (carriage-return) (i.e. DOS format) in configuration file for a comment line, or empty line. Please confirm that #1311 fixes what you found.
Thanks for your work #1311, it's now working fine.
Note: This is only locally exploitable (local configuration file is in DOS format, not Unix format that application reads at start-up), can cause the application to crash (but unlikely as it can potentially only read a limited number of characters past the end of the configuration buffer), there is no buffer overwrite and hence no execution of arbitrary code.
Tag v4.3.4a has been created which includes the fix for CVE-2024-0962.
Hello, I encountered some problems when reproducing your work. Should the crash file be copied directly, or what? If so, could you please send the crash file to me by email? My email address is [email protected]. Thank you very much~~
The configuration file that caused the crash is documented above. This file needs to be in DOS format on a Unix-based system.
It works, thank you a lot~
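The thread above describes the defect as a configuration-file scanner that mishandles a bare '\r' (DOS line ending) on a comment or empty line and reads a few bytes past the end of the buffer. The following is an added illustration of the defensive pattern, not libcoap's parser and not the change made in #1311: a line scanner for an in-memory file that carries an explicit length, never assumes NUL termination, and strips the '\r' of CRLF lines so that DOS and Unix files are handled identically. The config format (`key,value` lines, `#` comments) and the function names are assumptions for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not libcoap's code.  Scans a configuration file held
 * in memory with an explicit length.  Every access is bounded by 'len', so a
 * DOS (CRLF) file, or one whose last line ends in a bare '\r' with no '\n',
 * cannot make the scan run past buf + len. */

/* Returns the length of the line starting at buf[*pos] with any trailing
 * '\r' removed, sets *start to its first byte, and moves *pos past the line
 * terminator.  A line consisting only of "\r" is reported as empty. */
static size_t next_line(const char *buf, size_t len, size_t *pos,
                        const char **start)
{
    size_t i = *pos;
    size_t n;
    *start = buf + i;
    while (i < len && buf[i] != '\n')      /* stop at len, not just at '\n' */
        i++;
    n = i - *pos;
    if (n > 0 && buf[*pos + n - 1] == '\r') /* CRLF or bare CR: drop the '\r' */
        n--;
    *pos = (i < len) ? i + 1 : len;         /* step over '\n' only if inside */
    return n;
}

/* Counts configuration entries, skipping blank lines and '#' comment lines. */
int count_config_entries(const char *buf, size_t len)
{
    size_t pos = 0;
    int entries = 0;
    while (pos < len) {
        const char *line;
        size_t n = next_line(buf, len, &pos, &line);
        if (n == 0 || line[0] == '#')       /* empty or comment: nothing to parse */
            continue;
        entries++;                          /* a real key,value line */
    }
    return entries;
}

int main(void)
{
    /* constructed sample: DOS line endings, last line ends in '\r' with no '\n' */
    static const char dos[] = "# comment\r\n\r\nkey,value\r\nother,1\r";
    printf("%d entries\n", count_config_entries(dos, sizeof dos - 1));
    return 0;
}
```

The same input with Unix line endings yields the same count, which is the property the fix in the thread restores.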
Environment
Report
Stack-buffer-overflow in libcoap.
Unspecified version (additional versions could also be affected).
CWE-121: Stack Based Buffer Overflow
Libcoap
Local.
Potential code execution, crash, etc. Permits the attacker to execute arbitrary code on affected installations.
Overflow occurs in the handling of an input file in the coap_new_oscore_conf() function. Proper boundary checking of the input file can provide a potential fix.
file: overflow-1.c
file: crash0
Command:
./overflow-1 ./crash0
Screenshot: