Warmcat Libwebsockets Stack-Based Buffer Overflow Vulnerability in Async-DNS Component
Vulnerability
A stack-based buffer overflow vulnerability has been identified in Warmcat Libwebsockets version 4.4, specifically within the asynchronous DNS parsing component. When the library is compiled with the LWS_WITH_SYS_ASYNC_DNS flag enabled, an attacker who can intercept DNS requests can craft a response that overflows the label stack. The response carries a label longer than the maximum allowed, and the DNS label parsing function does not adequately check it against the buffer size.
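The checks a DNS label parser needs in order to reject such a response, shown as an added example that is not code from Libwebsockets or its patch. The function name `dns_name_to_text`, the `DNS_MAX_HOPS` limit and the handling of compression pointers are assumptions that go beyond the case described above.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DNS_MAX_LABEL 63   /* RFC 1035: a label length fits in 6 bits */
#define DNS_MAX_HOPS  8    /* assumed cap on compression-pointer jumps */

/* Hypothetical helper, not Libwebsockets code. Decodes the name starting at
 * msg[off] into out as dotted text. Returns the text length, or -1 when the
 * input is malformed or does not fit in out. */
int dns_name_to_text(const uint8_t *msg, size_t msg_len, size_t off,
                     char *out, size_t out_len)
{
    size_t w = 0;
    int hops = 0;

    if (!out_len)
        return -1;
    for (;;) {
        if (off >= msg_len)
            return -1;                  /* length byte lies outside packet */
        uint8_t len = msg[off++];
        if ((len & 0xC0) == 0xC0) {     /* compression pointer */
            if (off >= msg_len || ++hops > DNS_MAX_HOPS)
                return -1;              /* truncated pointer or pointer loop */
            off = (size_t)((len & 0x3F) << 8) | msg[off];
            continue;
        }
        if (len > DNS_MAX_LABEL)
            return -1;                  /* 0x40..0xBF: oversized or reserved */
        if (len == 0)
            break;                      /* root label terminates the name */
        if (len > msg_len - off)
            return -1;                  /* label runs past end of packet */
        /* room needed: label bytes + separating dot + terminating NUL */
        if (len + (w ? 1u : 0u) + 1u > out_len - w)
            return -1;                  /* would overflow the destination */
        if (w)
            out[w++] = '.';
        memcpy(out + w, msg + off, len);
        w += len;
        off += len;
    }
    out[w] = '\0';
    return (int)w;
}
```

The destination check uses the caller-supplied `out_len` rather than a constant, so the same function stays safe if the stack buffer it writes into is resized.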
Impact
Exploitation of this vulnerability corrupts stack memory, which may allow for arbitrary code execution, depending on the platform and compiler options.
Reproduction
To reproduce this vulnerability, build the Libwebsockets library with the LWS_WITH_SYS_ASYNC_DNS option enabled and the LWS_WITH_SSL option disabled, using AddressSanitizer to detect memory corruption issues. After compiling the library, run the included test harness, directing it to a file that contains a crafted DNS response designed to exploit the buffer overflow vulnerability. The AddressSanitizer report confirms the overflow by showing a stack buffer overflow error.
Remediation
Users are advised to update to the patched version of Libwebsockets, which is available on the official Libwebsockets GitHub repository.
