GHIA CamIP Denial-of-Service Vulnerability in Password Input Field
Vulnerability
A denial-of-service vulnerability has been identified in version 1.2 of the GHIA CamIP application for iOS. An attacker can crash the application by pasting a 33-character buffer of repeated characters into the password input field. The crash occurs on iOS devices when the application processes the over-length input.
Impact
Exploitation of this vulnerability causes the GHIA CamIP application to crash, disrupting any active sessions or processes within the app.
Reproduction
To reproduce this vulnerability, first run a Python script that generates a 33-character buffer of repeated characters and copies it to the clipboard. Then, open the GHIA CamIP app on an iOS device, navigate to the 'Add' section, and connect to the internet. Paste the clipboard content into the password field and initiate the camera setup process, which will result in the application crashing.
