Flat Assembler Stack-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A stack-based buffer overflow vulnerability has been identified in Flat Assembler version 1.71.21. This vulnerability allows local attackers to execute arbitrary code by providing oversized input to the application. Specifically, input exceeding 5895 bytes can be crafted to overwrite the instruction pointer, enabling the execution of return-oriented programming (ROP) chains for shell command execution.
Impact
Exploitation of this vulnerability leads to a stack-based buffer overflow, allowing for arbitrary code execution in the context of the application. However, failed exploit attempts result in a denial-of-service condition.
Reproduction
The vulnerability can be reproduced by using Flat Assembler 1.71.21 on a Linux system. After downloading and extracting the application, input exceeding 5895 bytes can be supplied to the assembler. This oversized input will overwrite the instruction pointer, allowing for the execution of a ROP chain that can execute shell commands.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.