ArduinoCore-avr Stack-Based Buffer Overflow Vulnerability in String Floating-Point Conversion
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the ArduinoCore-avr library, specifically in versions prior to 1.8.7. This vulnerability allows an attacker to exploit the String constructors and concatenation methods that handle floating-point values with high precision. By supplying excessively large decimalPlaces values, the dtostrf function can overwrite fixed-size stack buffers, leading to memory corruption and a denial-of-service condition. In certain scenarios, this exploitation could allow arbitrary code execution on affected AVR-based Arduino boards.
Impact
Exploitation of this vulnerability causes a stack-based buffer overflow, which can lead to memory corruption and a denial-of-service condition. Under specific circumstances, this could allow arbitrary code execution on AVR-based Arduino boards.
Remediation
Users are advised to update ArduinoCore-avr to version 1.8.7 or later. The update can be downloaded from the ArduinoCore-avr GitHub releases page.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.