CWE-120 buffer overflow()


Dhiraj

May 5, 2018, 2:00:04 PM
to honggfuzz
Hi Team,

I found this while going through the source code, correct me if I am wrong,

https://github.com/google/honggfuzz/blob/master/display.c#L86

The scanf() family's %s operation, without a limit specification, permits buffer overflows such as (CWE-120, CWE-20).

Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, then honggfuzz is exploitable.


Request to please have a look and advise.


Cheers!
 

Dhiraj

May 5, 2018, 2:02:54 PM
to honggfuzz
Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, the hongfuzz it's exploitable.* (typo error)

Robert Święcki

May 5, 2018, 3:56:45 PM
to Dhiraj, honggfuzz
Hi,

PRIx64 will expand to something like %llx or %lx, so it's not %s




--
Robert Święcki
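As an added example (not honggfuzz's own code, and not the code of whatever scanner produced the quoted warning), the C program below makes the point of Robert's reply concrete: a format built from the inttypes.h macros expands to a length-modified integer conversion (`%lx` or `%llx`), which writes into a fixed-size `uint64_t` and never into a character buffer, whereas a bare `%s` with no width is the case CWE-120 is about, and a width such as `%15s` into a 16-byte buffer is the fix the warning recommends. `SCNx64` is the scanf-side counterpart of `PRIx64`. The `format_has_unbounded_s` helper is my own constructed approximation of the pattern check such a warning comes from; it is an assumption about how the scanner works, not its real logic.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The expanded form of a PRIx64-based format: "%lx" or "%llx" depending on the
 * platform. There is no 's' conversion in it, so no string buffer is written. */
const char *hex64_format(void) {
    return "%" PRIx64;
}

/* Parse a hex 64-bit value with the scanf-side macro SCNx64.
 * The destination is a fixed-size integer, so the input length cannot
 * overflow anything. Returns 1 on success, 0 otherwise. */
int parse_hex64(const char *input, uint64_t *out) {
    return sscanf(input, "%" SCNx64, out) == 1;
}

/* The bounded form of a %s read: at most 15 characters plus the terminating
 * NUL fit in a 16-byte buffer, regardless of how long the input token is. */
int read_token_bounded(const char *input, char out[16]) {
    return sscanf(input, "%15s", out) == 1;
}

/* Constructed pattern check (assumption, not any real tool's code): walk a
 * scanf format and report 1 if it contains a %s conversion with no width.
 * Handles "%%", assignment suppression '*', a decimal width and the
 * length modifiers h, l, j, z, t, L before the conversion character. */
int format_has_unbounded_s(const char *fmt) {
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '%') continue;          /* literal percent sign */
        if (*p == '*') p++;               /* assignment-suppressed conversion */
        int has_width = 0;
        while (*p >= '0' && *p <= '9') {  /* explicit maximum field width */
            has_width = 1;
            p++;
        }
        while (*p == 'h' || *p == 'l' || *p == 'j' ||
               *p == 'z' || *p == 't' || *p == 'L') {
            p++;                          /* length modifier, e.g. the "ll" in %llx */
        }
        if (*p == '\0') break;            /* truncated format, nothing more to check */
        if (*p == 's' && !has_width) return 1;
    }
    return 0;
}

int main(void) {
    uint64_t v = 0;
    char buf[16];

    printf("PRIx64 format expands to: \"%s\"\n", hex64_format());
    printf("unbounded %%s in it? %d\n", format_has_unbounded_s(hex64_format()));
    printf("unbounded %%s in \"%%s\"?   %d\n", format_has_unbounded_s("%s"));
    printf("unbounded %%s in \"%%15s\"? %d\n", format_has_unbounded_s("%15s"));

    if (parse_hex64("deadbeef", &v))
        printf("parsed 0x%" PRIx64 " into a fixed-size integer\n", v);

    /* Constructed over-long token: only 15 characters land in buf. */
    if (read_token_bounded("abcdefghijklmnopqrstuvwxyz", buf))
        printf("bounded read stored %zu chars: %s\n", strlen(buf), buf);
    return 0;
}
```

Run it with any C99 compiler (`cc -std=c99 example.c`); the first line of output shows the platform's expansion of the macro, which is what the reply refers to.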