SourceCodester Phone Management System Buffer Overflow Vulnerability

A critical buffer overflow vulnerability has been identified in SourceCodester Phone Management System version 1.0. The issue arises in the Password Handler component, specifically within the main function. The vulnerability is caused by a character variable that receives input through scanf, allowing for arbitrary data length and leading to a buffer overflow. This vulnerability requires local access to exploit.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can lead to memory corruption and potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by compiling the application with Visual Studio 2022, disabling stack protection and warnings. After launching the program, enter the password 'admin' to access the menu. Select option 3 to enter the vulnerable function, set a breakpoint on line 632, and input data longer than 15 bytes. The buffer overflow can be observed in the memory monitoring window, where the overflowed data will be visible.