BaoFeng Storm2012 M3U File Buffer Overflow Vulnerability

Bugtraq ID:	39951
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	May 06 2010 12:00AM
Updated:	May 06 2010 12:00AM
Credit:	Lufeng Li and Qingshan Li of Neusoft Corporation
Vulnerable:	BaoFeng Storm2012 3.10.4 8 BaoFeng Storm2012 3.10.4 21 BaoFeng Storm2012 3.10.4 16 BaoFeng Storm2012 3.10.3 17 BaoFeng Storm2012 3.10.2 5 BaoFeng Storm2012 3.10.1 12
Not Vulnerable:

BaoFeng Storm2012 M3U File Buffer Overflow Vulnerability

BaoFeng Storm2012 is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

The issue affects the following:

BaoFeng Storm2012 3.10.4.21
BaoFeng Storm2012 3.10.4.16
BaoFeng Storm2012 3.10.4.8
BaoFeng Storm2012 3.10.3.17
BaoFeng Storm2012 3.10.2.5
BaoFeng Storm2012 3.10.1.12

Other versions may also be vulnerable.

BaoFeng Storm2012 M3U File Buffer Overflow Vulnerability

The following exploit code is available:

• /data/vulnerabilities/exploits/39951.py

BaoFeng Storm2012 M3U File Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].

BaoFeng Storm2012 M3U File Buffer Overflow Vulnerability

References:

• BaoFeng Homepage (BaoFeng)