Menu

#8 potential buffer overflow in auphone.c

v1.0 (example)
closed
nobody
None
5
2021-08-17
2021-08-17
No

Hi, I found some buffer overflow vulnerability in nas-1.9.4.

Below line is code at clients/audio/auphone/auphone.c:360,

360 sprintf(buf, "%s %s %s %s %d %d 1", BUSY, VERSION, (char *) getenv("USER"), server, flow, i);

Since the length of buf is 100 and there is no length check, if a malicious attacker puts a large string to 'USER' environment variable, it can cause stack buffer overflow, which leads to buggy behavior.

Discussion

  • Jon Trulson

    Jon Trulson - 2021-08-17
    • status: open --> closed
     
  • Jon Trulson

    Jon Trulson - 2021-08-17

    Fixed in current master.

     

Log in to post a comment.

Auth0 Logo