Duc Stack Buffer Overflow Vulnerability Allowing Out-of-Bounds Read
Vulnerability
A stack buffer overflow vulnerability has been identified in Duc, a disk management tool, specifically in the buffer_get function. This vulnerability arises from an unsigned integer underflow, which allows for an out-of-bounds read of memory. The issue can be exploited by supplying crafted input that manipulates the buffer's length, bypassing safety checks and causing the application to crash or disclose sensitive information from adjacent memory on the stack.
Impact
Exploitation of this vulnerability leads to a denial-of-service condition, causing the application to crash, and allows for information disclosure by reading sensitive data from the stack.
Reproduction
The vulnerability can be reproduced by creating a small buffer and requesting a read length that exceeds the buffer's size. This can be done by crafting input that exploits the unsigned integer underflow in the length check, causing the buffer_get function to perform an out-of-bounds read using memcpy.
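The length-check pattern described above, shown as an added example that is not Duc's source code: a test that subtracts the requested size from the buffer length wraps around when the request is larger than the buffer, next to a form that cannot wrap. The struct, field and function names are hypothetical, and the sample buffer is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reader state; field and function names are illustrative. */
struct reader {
    const uint8_t *data;
    size_t len; /* number of valid bytes in data */
    size_t pos; /* current read offset */
};

/* Weak test: if n > len, (len - n) wraps to a huge size_t, so the
 * comparison succeeds and a following memcpy would run past the buffer. */
static int weak_check_allows(const struct reader *r, size_t n)
{
    return r->pos <= r->len - n;
}

/* Hardened test: pos <= len is established first, so (len - pos)
 * cannot wrap, and n is compared against the bytes actually left. */
static int safe_check_allows(const struct reader *r, size_t n)
{
    return r->pos <= r->len && n <= r->len - r->pos;
}

/* Bounded read: returns 0 and advances pos on success, -1 on rejection. */
static int reader_get(struct reader *r, void *out, size_t n)
{
    if (!safe_check_allows(r, n))
        return -1;
    memcpy(out, r->data + r->pos, n);
    r->pos += n;
    return 0;
}

int main(void)
{
    static const uint8_t src[4] = {1, 2, 3, 4}; /* constructed sample input */
    struct reader r = {src, sizeof src, 0};
    uint8_t out[16] = {0};
    printf("weak check, 16 of 4 bytes: %s\n",
           weak_check_allows(&r, 16) ? "allowed (bug)" : "rejected");
    printf("safe check, 16 of 4 bytes: %s\n",
           safe_check_allows(&r, 16) ? "allowed" : "rejected");
    printf("reader_get(16) = %d\n", reader_get(&r, out, 16));
    return 0;
}
```

The weak check is only evaluated here, never followed by a copy, so the program itself performs no out-of-bounds access.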
Remediation
Users are advised to upgrade to Duc version 1.4.6, which addresses this vulnerability.
