neurobin shc Stack-Based Buffer Overflow Vulnerability in Versions Through 4.0.3
Vulnerability
A stack-based buffer overflow vulnerability has been identified in neurobin shc versions through 4.0.3. The issue arises in the make function within src/shc.c, where the program fails to properly validate the length of file names. This oversight allows user input to be formatted into a command variable with a maximum size of 4096 bytes, leading to the overflow. The vulnerability can only be exploited locally, and a public proof-of-concept exploit is available.
Impact
Exploitation of this vulnerability causes a stack-based buffer overflow, which can lead to arbitrary code execution or the introduction of malicious payloads, according to the VulDB entry.
Reproduction
To reproduce this vulnerability, use neurobin shc version 4.0.3 or earlier. The vulnerability can be triggered by the make function in src/shc.c, where the file name input is not properly checked for length. This allows for a crafted input to overflow the buffer on the stack.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.