CoreHTTP Http.C Buffer Overflow Vulnerability
BID:25120
Info
CoreHTTP Http.C Buffer Overflow Vulnerability
| Bugtraq ID: | 25120 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 29 2007 12:00AM |
| Updated: | Jul 30 2007 10:55PM |
| Credit: | vade79/v9 is credited with the discovery of this issue. |
| Vulnerable: |
CoreHTTP CoreHTTP 0.5.3 alpha |
| Not Vulnerable: | |
Discussion
CoreHTTP Http.C Buffer Overflow Vulnerability
CoreHTTP is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.
Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.
This issue affects CoreHTTP 0.5.3 alpha; other versions may also be affected.
CoreHTTP is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.
Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.
This issue affects CoreHTTP 0.5.3 alpha; other versions may also be affected.
Exploit / POC
CoreHTTP Http.C Buffer Overflow Vulnerability
The following proof of concept is available:
The following proof of concept is available:
Solution / Fix
CoreHTTP Http.C Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].