GNU C Library Buffer Overflow Vulnerability in assert() Function

Vulnerability

A buffer overflow vulnerability has been identified in the GNU C Library (glibc) versions 2.13 through 2.40, specifically within the assert() function. When an assertion fails, the library does not allocate sufficient space for the failure message and associated size information. This oversight can lead to a buffer overflow, particularly if the message size aligns with the page size. The vulnerability can be exploited by local attackers, especially in setuid programs that contain reachable assertion failures.

Impact

Exploitation of this vulnerability can cause a buffer overflow, potentially leading to memory corruption. In some cases, this could be exploited to manipulate memory management data, causing undefined behavior or arbitrary code execution.

Reproduction

The vulnerability can be reproduced by compiling a C program that contains an assertion which can be made to fail. The program is then executed with arguments that trigger the assertion, so that the failure message is processed by the vulnerable assert() implementation. This can be automated with a script that supplies arguments of the appropriate sizes to exploit the buffer overflow.

Remediation

Users should upgrade to glibc version 2.41 or 2.40-66, where this vulnerability has been fixed.
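A host triage helper for the two checks a defender needs here: whether the installed glibc falls in the affected range given above (2.13 through 2.40, fixed in 2.41 or 2.40-66), and which setuid/setgid binaries carry compiled-in assert() calls, the programs the Vulnerability section singles out. This is an added example, not code from the advisory or from glibc; it assumes a Linux host with binutils' nm available, and it treats the 2.40-66 package revision as the fixed distro build (other distro backports are not recognised and will be reported as affected).

```python
import os
import re
import stat
import subprocess

AFFECTED_MIN, AFFECTED_MAX = (2, 13), (2, 40)  # "2.13 through 2.40" per advisory
FIXED_RELEASE_FOR_2_40 = 66                    # "2.40-66" per advisory (assumed rpm-style release)


def classify_glibc(version_text):
    """Classify a glibc version string ('2.39', 'glibc-2.40-66.fc41', or the
    first line of `ldd --version`). Returns 'fixed', 'affected' or 'unknown'."""
    m = re.search(r"(\d+)\.(\d+)(?:-(\d+))?", version_text)
    if not m:
        return "unknown"
    ver = (int(m.group(1)), int(m.group(2)))
    release = int(m.group(3)) if m.group(3) else None
    if ver > AFFECTED_MAX:
        return "fixed"
    if ver < AFFECTED_MIN:
        return "unknown"  # older than the range the advisory names
    if ver == AFFECTED_MAX and release is not None and release >= FIXED_RELEASE_FOR_2_40:
        return "fixed"
    return "affected"  # bare '2.40' needs a package-level check, e.g. rpm -q glibc


def imports_assert_fail(nm_output):
    """True if `nm -D` output lists an undefined __assert_fail import, which is
    the symbol glibc's assert() macro expands to when an assertion fails."""
    return any(re.match(r"\s*U __assert_fail\b", line) for line in nm_output.splitlines())


def find_setuid_with_assert(roots=("/usr/bin", "/usr/sbin", "/bin", "/sbin")):
    """Walk the given directories and return setuid/setgid files that import __assert_fail."""
    hits, seen = [], set()
    for root in roots:
        for dirpath, _, files in os.walk(root):
            for name in files:
                path = os.path.realpath(os.path.join(dirpath, name))
                if path in seen:
                    continue
                seen.add(path)
                try:
                    mode = os.stat(path).st_mode
                except OSError:
                    continue
                if not mode & (stat.S_ISUID | stat.S_ISGID):
                    continue
                nm = subprocess.run(["nm", "-D", path], capture_output=True, text=True)
                if imports_assert_fail(nm.stdout):
                    hits.append(path)
    return hits


if __name__ == "__main__":
    ldd = subprocess.run(["ldd", "--version"], capture_output=True, text=True).stdout.splitlines()[0]
    print(ldd, "->", classify_glibc(ldd))
    for p in find_setuid_with_assert():
        print("setuid/setgid binary with assert() calls:", p)
```

A binary that imports __assert_fail only has a reachable failure if some input path actually violates an assertion, so the list is a review queue, not a list of exploitable programs.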

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 2.5
exploitability: 6.0
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.