OGRECave Ogre Null Pointer Dereference Vulnerability in LogManager Stream Function
Vulnerability
A null pointer dereference vulnerability has been identified in OGRECave Ogre versions through 14.4.1. The issue arises in the LogManager::stream function within OgreLogManager.cpp, where the mDefaultLog pointer is not properly initialized. This flaw can be exploited locally, leading to a segmentation fault as the program attempts to dereference the null pointer.
Impact
Exploitation of this vulnerability causes a segmentation fault due to a null pointer dereference, disrupting the application's execution.
Reproduction
The vulnerability can be reproduced by compiling OGRECave Ogre with AddressSanitizer and UndefinedBehaviorSanitizer enabled. After building the application, a fuzzer can be used to send crafted input that triggers the null pointer dereference in the LogManager::stream function. This process can be automated with a proof-of-concept fuzzer available as part of the OSS-Fuzz project.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.