SourceCodester Computer Store System Stack-Based Buffer Overflow Vulnerability

Vulnerability

A critical stack-based buffer overflow vulnerability has been identified in SourceCodester Computer Store System version 1.0. The issue is in the 'Add' function of 'main.c', where the unsafe 'gets()' function reads input into the fixed-size buffer 'RAM'. Because 'gets()' performs no bounds checking, input longer than the buffer overflows it and can overwrite adjacent memory and control data on the stack, such as the return address. The vulnerability can be exploited locally, leading to arbitrary code execution or program crashes.

Impact

Exploitation of this vulnerability causes memory corruption and can overwrite control data on the stack, such as the return address, enabling arbitrary code execution. The vulnerability also allows for local privilege escalation.

Reproduction

The vulnerability can be reproduced by inputting more than 100 characters into the 'PC.RAM' buffer while the 'Add' function is active. The input is read with 'gets()', which does not limit input size, so the excess characters overrun the buffer and corrupt adjacent memory, including control data on the stack.

Remediation

Replace the 'gets()' function with safer alternatives that include bounds checking, such as 'fgets()' or 'scanf()' with length limits. Additionally, audit the codebase to remove all instances of 'gets()' and ensure that no unchecked input is directed to fixed-size buffers.
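
The 'fgets()' replacement recommended above, as an added example (not code from SourceCodester or from this advisory). It also shows the two details a bare 'gets()'-to-'fgets()' swap misses: stripping the stored newline and discarding the rest of an over-long line. The names 'struct computer', 'read_field', 'feed', 'next_field' and the 100-byte size are assumptions; the real declarations in 'main.c' are not shown on the page.

```c
#include <stdio.h>
#include <string.h>

#define RAM_LEN 100 /* assumed from the advisory's "more than 100 characters" */
struct computer { char RAM[RAM_LEN]; }; /* hypothetical; real struct not shown */
static struct computer PC;
static char next_field[16];             /* stands in for the next prompt's buffer */

/* Bounded replacement for gets(buf). Returns 0 if the line fit, 1 if it was
 * too long (field cleared, rest of line discarded), -1 on EOF or read error. */
int read_field(FILE *in, char *buf, size_t size)
{
    if (size == 0)
        return -1;
    if (fgets(buf, (int)size, in) == NULL) {
        buf[0] = '\0';
        return -1;
    }
    size_t n = strcspn(buf, "\n");
    if (buf[n] == '\n') {          /* newline stored: whole line fit */
        buf[n] = '\0';
        return 0;
    }
    int c = fgetc(in);             /* no newline stored: look one byte ahead */
    if (c == '\n' || c == EOF)
        return 0;                  /* exact fit, or last line lacks a newline */
    while (c != '\n' && c != EOF)  /* drain so excess cannot reach next prompt */
        c = fgetc(in);
    buf[0] = '\0';                 /* reject instead of keeping truncated data */
    return 1;
}

/* Constructed input: n_chars 'A' bytes, newline, then "SSD\n", fed through a
 * temp file as stdin would deliver it. Returns the status of the RAM read. */
int feed(size_t n_chars)
{
    FILE *in = tmpfile();
    if (in == NULL)
        return -2;
    for (size_t i = 0; i < n_chars; i++)
        fputc('A', in);
    fputs("\nSSD\n", in);
    rewind(in);
    int rc = read_field(in, PC.RAM, sizeof PC.RAM);
    read_field(in, next_field, sizeof next_field);
    fclose(in);
    return rc;
}

int main(void) { printf("%d %d\n", feed(99), feed(500)); return 0; }
```

A caller should re-prompt when 'read_field' returns 1 rather than store the cleared field.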

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 4.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.