iniparser Heap-Based Buffer Overflow Vulnerability in iniparser_dumpsection_ini()

Vulnerability

A heap-based buffer overflow vulnerability has been identified in the iniparser library, specifically in the function iniparser_dumpsection_ini(). This vulnerability allows attackers to read out-of-bounds memory. The issue arises from the use of sprintf() to copy a string that exceeds the destination buffer's size, leading to a buffer overflow. The vulnerability was discovered through fuzz testing.

Impact

Exploitation of this vulnerability leads to a heap-based buffer overflow, which can commonly be exploited to execute arbitrary code or cause a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by calling the iniparser_dumpsection_ini() function with a string argument that exceeds the buffer size of the keym array. This can be done by creating a dictionary with a section entry that triggers the overflow when the function attempts to copy the string using sprintf().

Remediation

The vulnerability has been fixed in iniparser version 4.2.6.
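
The bounded alternative to the sprintf() copy described under Reproduction, as an added example. It is not iniparser's code and not the project's actual fix. The function names, the "section:" prefix format and KEYM_SIZE are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size for illustration; the page does not state the real size of keym. */
#define KEYM_SIZE 64

/*
 * Unsafe pattern described above (shown only as a comment):
 *     sprintf(keym, "%s:", section);    no bound on strlen(section)
 *
 * Bounded form: write "section:" into dst and report truncation
 * instead of writing past the end of the buffer.
 * Returns the prefix length on success, -1 if it would not fit.
 */
int build_section_prefix(char *dst, size_t dstsz, const char *section)
{
    int n;

    if (dst == NULL || dstsz == 0 || section == NULL)
        return -1;

    n = snprintf(dst, dstsz, "%s:", section);
    if (n < 0 || (size_t)n >= dstsz) {
        dst[0] = '\0';  /* never leave a truncated prefix behind */
        return -1;
    }
    return n;
}

/* Constructed demo input: one short name and one longer than KEYM_SIZE. */
int demo_prefix(int oversized)
{
    char keym[KEYM_SIZE];
    char longname[4 * KEYM_SIZE];

    memset(longname, 'A', sizeof(longname) - 1);
    longname[sizeof(longname) - 1] = '\0';

    return build_section_prefix(keym, sizeof(keym),
                                oversized ? longname : "server");
}

int main(void)
{
    printf("short: %d\n", demo_prefix(0));      /* fits in the buffer */
    printf("oversized: %d\n", demo_prefix(1));  /* rejected, no overflow */
    return 0;
}
```

Rejecting the oversized name, rather than silently truncating it, keeps a shortened prefix from matching keys that belong to a different section.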

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 4.2
impact: 0.6
exploitability: 6.0
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.