Simple Hospital Management System Stack-Based Buffer Overflow Vulnerability

Vulnerability

A critical stack-based buffer overflow vulnerability has been identified in Simple Hospital Management System version 1.0. The issue is in the Add Information component, specifically within the Add function. It is caused by the unsafe use of the gets() function, which performs no bounds checking, so input of any length can overflow the fixed-size character arrays it writes to. The overflow corrupts memory on the stack, potentially overwriting adjacent patient records, local variables, and even the function's return address. This could be exploited to execute arbitrary code or cause a denial-of-service condition.

Impact

Exploitation of this vulnerability can lead to a stack-based buffer overflow, allowing for memory corruption on the stack. This could overwrite adjacent patient records, local variables, and the function's return address, potentially leading to arbitrary code execution or a denial-of-service condition.

Reproduction

To reproduce this vulnerability, navigate to the Add Information component of the Simple Hospital Management System. When prompted to enter a patient's name, enter a string longer than 29 characters; the program reads it with gets(), so the input overflows the buffer. Repeat this process for the disease input. After entering the payloads, choose the search-by-name option to trigger the overflow, which results in an access violation exception, indicating a crash caused by the stack overflow.
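A bounded replacement for the gets() reads described above, as an added example that is not the project's own code. The 30-byte field size is inferred from the 29-character limit, and the struct, read_field() and the sample input are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_CAP 30  /* assumed: 29 characters plus the terminating NUL */

/* Hypothetical record layout; the project's real struct is not on the page. */
struct patient { char name[FIELD_CAP]; char disease[FIELD_CAP]; };

/* Vulnerable pattern per the advisory (comment only): gets(p.name); */

/* Read one line into dst (capacity cap, NUL included).
 * Returns 0 on success, 1 if the line was too long (dst is cleared and the
 * rest of the line discarded), -1 on EOF, read error or unusable buffer. */
int read_field(char *dst, size_t cap, FILE *in)
{
    if (cap < 2 || fgets(dst, (int)cap, in) == NULL)
        return -1;
    size_t len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[len - 1] = '\0';          /* whole line fit; drop the newline */
        return 0;
    }
    /* No newline stored: the line either ended exactly at the limit or at
     * EOF (accept), or it is longer than cap - 1 characters (reject). */
    int c = fgetc(in);
    if (c == EOF || c == '\n')
        return 0;
    while (c != EOF && c != '\n')     /* drain so the next read starts clean */
        c = fgetc(in);
    dst[0] = '\0';
    return 1;
}

int main(void)
{
    char longname[42];                /* constructed 40-character name */
    memset(longname, 'A', 40); longname[40] = '\n'; longname[41] = '\0';
    FILE *in = tmpfile();             /* constructed input, stands in for stdin */
    if (in == NULL) return 1;
    fputs(longname, in);
    fputs("Influenza\n", in);
    rewind(in);
    struct patient p;
    int rc = read_field(p.name, sizeof p.name, in);
    printf("name: rc=%d (1 = rejected as too long)\n", rc);
    rc = read_field(p.disease, sizeof p.disease, in);
    printf("disease: rc=%d value=%s\n", rc, p.disease);
    fclose(in);
    return 0;
}
```

Rejecting an over-long line and draining the remainder keeps the leftover bytes from being consumed as the next field's input.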

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 2.5
exploitability: 4.8
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.