yTree Stack-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A stack-based buffer overflow vulnerability has been identified in yTree version 1.94-1.1. This vulnerability allows local attackers to execute arbitrary code by supplying an excessively long command-line argument. Exploitation involves crafting a malicious argument that includes shellcode and a return address, overwriting the stack to execute code within the application's context.
Impact
Successful exploitation overflows a buffer on the stack and allows arbitrary code execution in the context of the application.
Reproduction
The vulnerability can be reproduced by launching yTree with a command-line argument that is excessively long. This argument should be crafted to include shellcode and a return address that overwrites the stack, directing execution to the injected shellcode. The provided exploit, available on Exploit Database, automates this process.
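The bug class described above, shown as an added C example that is not yTree's source code: an unchecked copy of a command-line argument into a fixed stack buffer, next to a hardened form that rejects over-long input. The function names, the status codes and the 256-byte buffer size are hypothetical, since the page does not show the affected code.

```c
/* Added illustration, not yTree source. All names and sizes are hypothetical. */
#include <stdio.h>
#include <string.h>

#define ARG_BUF_LEN 256   /* assumed fixed buffer size */
enum arg_status { ARG_OK = 0, ARG_INVALID = -1, ARG_TOO_LONG = -2 };

/* Vulnerable pattern, kept for contrast and never called here:
 * strcpy() copies until the NUL byte, so an argument longer than
 * ARG_BUF_LEN - 1 writes past buf into the saved return address. */
void store_arg_unsafe(const char *arg)
{
    char buf[ARG_BUF_LEN];
    strcpy(buf, arg);
    printf("argument: %s\n", buf);
}

/* Hardened form: find the terminator within dst_len bytes first,
 * reject (rather than silently truncate) when it is not there. */
enum arg_status store_arg_checked(char *dst, size_t dst_len, const char *arg)
{
    if (dst == NULL || dst_len == 0 || arg == NULL)
        return ARG_INVALID;
    const char *end = memchr(arg, '\0', dst_len);  /* bounded scan */
    if (end == NULL) {            /* no NUL in range: would not fit */
        dst[0] = '\0';
        return ARG_TOO_LONG;
    }
    memcpy(dst, arg, (size_t)(end - arg) + 1);     /* text + NUL */
    return ARG_OK;
}

int main(int argc, char **argv)
{
    char buf[ARG_BUF_LEN];
    const char *arg = (argc > 1) ? argv[1] : ".";
    if (store_arg_checked(buf, sizeof buf, arg) != ARG_OK) {
        fprintf(stderr, "argument rejected (limit %d bytes)\n",
                ARG_BUF_LEN - 1);
        return 2;
    }
    printf("argument: %s\n", buf);
    return 0;
}
```

Building with stack protection and fortified libc calls (for example GCC's `-fstack-protector-strong` and `-D_FORTIFY_SOURCE=2`) turns a missed check of this kind into an abort rather than a controlled return-address overwrite.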
