Panda3D Unbounded Stack Allocation Vulnerability in Deploy-Stub Executable Allowing Denial-of-Service
Vulnerability
A denial-of-service vulnerability has been identified in the deploy-stub executable of the Panda3D game engine, in versions through 1.10.16. The issue arises from an unbounded stack allocation whose size is directly influenced by the attacker-controlled argument count (argc), without any validation. This allows excessive stack memory usage, which can crash the process and cause undefined behavior: the stack is corrupted with uninitialized data that the Python interpreter later processes.
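The allocation pattern described above next to a bounded replacement, as an added example that is not Panda3D's deploy-stub code. The function name `copy_args_checked` and the cap `MAX_STUB_ARGS` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed upper bound for this example; not a value taken from Panda3D. */
#define MAX_STUB_ARGS 4096

/*
 * Pattern the advisory describes (illustrative only):
 *     char **copy = alloca((argc + 1) * sizeof(char *));
 * The caller picks argc, so the caller picks the stack frame size, and the
 * slots hold leftover stack contents until they are written.
 *
 * Bounded form: reject out-of-range counts, allocate on the heap, and start
 * from zeroed memory so no uninitialized slot is handed onward.
 */
char **copy_args_checked(int argc, char *const argv[], size_t *out_count)
{
    if (out_count != NULL)
        *out_count = 0;
    if (argv == NULL || argc < 0 || argc > MAX_STUB_ARGS)
        return NULL;

    /* calloc checks count * size for overflow and returns zeroed memory. */
    char **copy = calloc((size_t)argc + 1, sizeof(char *));
    if (copy == NULL)
        return NULL;

    for (int i = 0; i < argc; i++)
        copy[i] = argv[i];
    /* copy[argc] is already NULL from calloc and acts as the terminator. */

    if (out_count != NULL)
        *out_count = (size_t)argc;
    return copy;
}

int main(int argc, char *argv[])
{
    size_t n = 0;
    char **args = copy_args_checked(argc, argv, &n);
    if (args == NULL) {
        fprintf(stderr, "refusing to start: argument count %d\n", argc);
        return EXIT_FAILURE;
    }
    printf("accepted %zu arguments\n", n);
    free(args);
    return EXIT_SUCCESS;
}
```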
Impact
Exploitation of this vulnerability causes a reliable crash of the deploy-stub executable, with MemorySanitizer confirming the use of uninitialized stack memory. The stack exhaustion disrupts the normal execution flow, leading to a corrupted stack state that is processed by the Python interpreter, causing undefined behavior.
Reproduction
The vulnerability can be reproduced by running the deploy-stub executable with a large number of command-line arguments. A command that includes a high volume of 'A' characters is interpreted as argument data and overwhelms the stack allocation.
