code-projects Simple Movie Ticket Booking System
cpe:2.3:a:movie_ticket_booking_system_project:movie_ticket_booking_system:*:*:*:*:*:*:*
- 1.0
A stack-based buffer overflow vulnerability has been identified in Code-Projects Simple Movie Ticket Booking System version 1.0. The issue arises in the 'changeprize' function, where user input is read into a fixed-size buffer without proper length validation. This vulnerability can be exploited locally, leading to memory corruption and potential overwriting of adjacent memory, including the function's return address.
Exploitation of this vulnerability causes a stack-based buffer overflow, which can lead to memory corruption, overwriting of adjacent buffers, and potentially tampering with the function's return address. This type of vulnerability can commonly be exploited to execute arbitrary code.
To reproduce this vulnerability, reach the 'changeprize' function and enter a string longer than 9 characters at the password prompt. The overflow shows up as a crash, such as an 'EXCEPTION_ACCESS_VIOLATION' error.
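One way to bound the password read described above, as an added example that is not the project's own code. The 10-byte buffer size is an assumption inferred from the 9-character trigger, and `PASS_CAP`, `read_field` and the commented-out `scanf` pattern are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size: 9 characters + NUL, inferred from the ">9 characters" trigger. */
#define PASS_CAP 10

/* Unbounded pattern, shown for contrast only (assumed, not the project's source):
 *     char pass[PASS_CAP];
 *     scanf("%s", pass);    no width limit, long input runs past pass[]
 */

/* Read one line from `in` into buf[cap] (hypothetical helper).
 * Returns 0 on success, -1 if the line was too long (rejected and drained,
 * not truncated), -2 on EOF or read error. Never writes past buf[cap-1]. */
int read_field(FILE *in, char *buf, size_t cap)
{
    if (cap < 2) return -2;
    if (fgets(buf, (int)cap, in) == NULL) {
        buf[0] = '\0';
        return -2;
    }
    size_t n = strcspn(buf, "\n");
    if (buf[n] == '\n') {            /* whole line fit, strip the newline */
        buf[n] = '\0';
        return 0;
    }
    /* No newline stored: the line either ended exactly at cap-1 characters
     * (or at EOF), or there is more input that did not fit. */
    int c = fgetc(in);
    if (c == '\n' || c == EOF) return 0;
    while (c != '\n' && c != EOF)    /* drain so the next prompt starts clean */
        c = fgetc(in);
    buf[0] = '\0';                   /* do not hand back a truncated secret */
    return -1;
}

int main(void)
{
    char pass[PASS_CAP];
    printf("Enter password: ");
    fflush(stdout);
    int rc = read_field(stdin, pass, sizeof pass);
    if (rc == -1) puts("Rejected: input longer than 9 characters");
    else if (rc == 0) puts("Input accepted");
    return rc == 0 ? 0 : 1;
}
```

Rejecting over-long input instead of truncating it keeps a mistyped or pasted value from being compared as a shortened password.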