BehaviorTree Stack-Based Buffer Overflow Vulnerability in Script Parser
Vulnerability
A stack-based buffer overflow vulnerability has been identified in BehaviorTree versions through 4.7.0. The issue arises in the 'ParseScript' function within 'src/script_parser.cpp', specifically in the Diagnostic Message Handler component. The vulnerability is caused by a fixed-size error buffer that cannot accommodate longer diagnostic messages, leading to an overflow. This issue can only be exploited locally.
Impact
Exploitation of this vulnerability causes a stack-based buffer overflow, which can lead to arbitrary code execution or a crash, depending on the context.
Reproduction
The vulnerability can be reproduced by compiling BehaviorTree with AddressSanitizer and UndefinedBehaviorSanitizer enabled. After building the application, the fuzzer can be run with a crafted input file that triggers the buffer overflow. The program will crash, and AddressSanitizer will report a stack-buffer-overflow error, confirming that the overflow in the diagnostic buffer is reachable from parser input.
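The root cause described above is a diagnostic formatter that writes an arbitrarily long message into a fixed-size stack buffer. The following is an added example, not BehaviorTree's own code, showing two ways a parser's error-message handler can be written so that an oversized message (for instance, one built from a very long token in the script being parsed) cannot overflow: a bounded stack buffer whose writes are capped by vsnprintf and which reports truncation, and a dynamically sized message that measures the output first. The buffer size, function names and the constructed long token are assumptions for illustration; the sanitizer flags in the comment match the reproduction procedure above.

```cpp
#include <cstdarg>
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

// Added example (not BehaviorTree code). To catch overflows in code like this,
// build with: g++ -std=c++17 -g -fsanitize=address,undefined example.cpp
// AddressSanitizer reports "stack-buffer-overflow" when a fixed buffer is exceeded.

struct Diagnostic {
    std::string text;   // the formatted message (possibly truncated)
    bool truncated;     // true if the message did not fit the fixed buffer
};

// Deliberately small so that truncation is easy to demonstrate (assumed size).
constexpr std::size_t kErrorBufSize = 64;

// Strategy 1: keep a fixed-size stack buffer, but never write past its end.
// vsnprintf stops at sizeof(buf) - 1 characters and always NUL-terminates;
// its return value tells us how long the full message would have been.
Diagnostic formatBounded(const char* fmt, ...) {
    char buf[kErrorBufSize];
    va_list args;
    va_start(args, fmt);
    int needed = std::vsnprintf(buf, sizeof(buf), fmt, args);
    va_end(args);

    Diagnostic d;
    if (needed < 0) {               // encoding/format failure: report, don't trust buf
        d.text = "<format error>";
        d.truncated = false;
        return d;
    }
    d.truncated = static_cast<std::size_t>(needed) >= sizeof(buf);
    d.text = buf;                   // safe: buf is NUL-terminated by vsnprintf
    return d;
}

// Strategy 2: size the storage to the message instead of the message to the storage.
// A first vsnprintf with a null buffer measures the output; the second writes it.
std::string formatDynamic(const char* fmt, ...) {
    va_list args;
    va_start(args, fmt);
    va_list measure;
    va_copy(measure, args);         // the va_list is consumed by each vsnprintf call
    int needed = std::vsnprintf(nullptr, 0, fmt, measure);
    va_end(measure);
    if (needed < 0) {
        va_end(args);
        return "<format error>";
    }
    std::vector<char> storage(static_cast<std::size_t>(needed) + 1);  // +1 for NUL
    std::vsnprintf(storage.data(), storage.size(), fmt, args);
    va_end(args);
    return std::string(storage.data(), static_cast<std::size_t>(needed));
}

// Constructed input: a token far longer than the fixed buffer, standing in for
// an oversized identifier in a parsed script.
std::string longToken(std::size_t n) { return std::string(n, 'x'); }

int main() {
    std::string tok = longToken(200);
    Diagnostic d = formatBounded("Unexpected token '%s' at line %d", tok.c_str(), 3);
    std::printf("bounded: truncated=%d length=%zu\n", d.truncated ? 1 : 0, d.text.size());
    std::string full = formatDynamic("Unexpected token '%s' at line %d", tok.c_str(), 3);
    std::printf("dynamic: length=%zu\n", full.size());
    return 0;
}
```

The bounded version is the minimal change when a fixed buffer must stay (it preserves the stack-only allocation but replaces an unchecked write with a capped one), while the dynamic version is preferable when the full diagnostic text matters, since it never silently drops the end of the message.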
Remediation
Users are advised to update to BehaviorTree version 4.7.1 or later, where this vulnerability has been fixed.