NetAware Buffer Overflow Vulnerability Leading to Denial-of-Service
Vulnerability
A buffer overflow vulnerability has been identified in NetAware version 1.20, specifically within the User Blocking feature. This vulnerability allows local attackers to crash the application by providing oversized input. By pasting a malicious buffer of 512 bytes into the 'Add a website or keyword to be filtered' field, attackers can trigger a crash when attempting to remove the created block.
Impact
Exploitation of this vulnerability causes a denial-of-service condition, leading to a crash of the NetAware application.
Reproduction
To reproduce this vulnerability, first run a Python script that generates a buffer of 512 bytes and saves it to a text file. Copy the contents of this file to the clipboard. Then, open the NetAware application and navigate to 'Settings' > 'User Blocking'. Click 'Add Block', paste the clipboard contents into the 'Add a website or keyword to be filtered' field, and click 'OK'. After the block is created, select it and click 'Remove', which will result in the application crashing.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.