TiEmu Buffer Overflow Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A buffer overflow vulnerability has been identified in TiEmu version 3.03-nogdb+dfsg-3. This vulnerability arises in the handling of ROM parameters, allowing local attackers to crash the application or execute arbitrary code. By supplying an oversized ROM parameter through the command-line interface, attackers can overflow the stack buffer, overwrite the instruction pointer, and redirect execution to malicious addresses.
Impact
Exploitation of this vulnerability leads to a stack-based buffer overflow, allowing for arbitrary code execution.
Reproduction
The vulnerability can be reproduced by using the TiEmu emulator and providing an oversized ROM parameter via the command-line interface. This can be done by using a Python script to generate a payload that includes the excess data, which is then passed to the emulator. The exploitation causes the program to crash and can be verified using a debugger, which will show the overwritten instruction pointer.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.