ixray-Team ixray-1.6-stcop Out-of-Bounds Write Vulnerability

Vulnerability

An out-of-bounds write vulnerability has been identified in ixray-Team ixray-1.6-stcop, affecting versions prior to 1.3. The vulnerability arises from code cloned from the OpenSSL library, specifically the BN_print.c file, which did not incorporate a critical security patch. The issue can lead to memory corruption and potential application crashes.

Impact

Exploitation of this vulnerability causes out-of-bounds writes to a buffer, which can lead to memory corruption and application crashes.

Reproduction

The vulnerability can be reproduced by presenting an oversized BIGNUM to the BN_bn2dec() function. This causes the BN_div_word() function to fail, allowing data to be written outside the intended buffer boundaries. The absence of proper error handling in this scenario creates the out-of-bounds write condition.

Remediation

Users are advised to apply the same patch that was implemented in the original OpenSSL repository to address this vulnerability.
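The failure mode described under Reproduction, as an added example that is not code from ixray, OpenSSL, or the upstream patch: a toy model of a conversion loop that stores one BN_div_word()-style remainder per output slot, with the two checks such a loop needs. The toy_bn type, all function names, and the assumption that a failed division leaves the value non-zero are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DEC_CONV 1000000000u     /* each output slot holds one base-10^9 chunk */
#define DIV_FAIL ((uint32_t)-1)  /* failure sentinel, modelled on (BN_ULONG)-1 */

/* Toy stand-in for a BIGNUM: little-endian 32-bit limbs (constructed type). */
typedef struct { uint32_t limb[8]; size_t top; int fail_div; } toy_bn;

static int toy_is_zero(const toy_bn *a) { return a->top == 0; }

/* Divide *a by w in place and return the remainder, or DIV_FAIL on failure. */
static uint32_t toy_div_word(toy_bn *a, uint32_t w) {
    uint64_t rem = 0;
    if (a->fail_div) return DIV_FAIL;  /* assumption: *a is left non-zero */
    for (size_t i = a->top; i-- > 0;) {
        uint64_t cur = (rem << 32) | a->limb[i];
        a->limb[i] = (uint32_t)(cur / w);
        rem = cur % w;
    }
    while (a->top > 0 && a->limb[a->top - 1] == 0) a->top--;
    return (uint32_t)rem;
}

/* Hardened loop: returns the number of chunks stored, or -1 on error. */
static int to_chunks_checked(toy_bn *t, uint32_t *out, size_t out_num) {
    uint32_t *lp = out;
    while (!toy_is_zero(t)) {
        if ((size_t)(lp - out) >= out_num) return -1;  /* bound check before the store */
        *lp = toy_div_word(t, DEC_CONV);
        if (*lp == DIV_FAIL) return -1;                /* stop when the division fails */
        lp++;
    }
    return (int)(lp - out);
}

/* Unchecked loop, modelled without storing: counts the stores it would make. */
static size_t unchecked_stores(toy_bn *t, size_t limit) {
    size_t n = 0;
    while (!toy_is_zero(t) && n < limit) { (void)toy_div_word(t, DEC_CONV); n++; }
    return n;
}

int main(void) {
    toy_bn ok = {{0, 1}, 2, 0}, bad = {{0, 1}, 2, 1};  /* constructed inputs: 2^32 */
    uint32_t out[4];
    printf("checked: %d chunks\n", to_chunks_checked(&ok, out, 4));
    printf("unchecked would store %zu times into 4 slots\n", unchecked_stores(&bad, 16));
    return 0;
}
```

With a failing division the unchecked loop never sees the value reach zero, so only the caller-supplied limit stops it, while the checked loop returns an error without leaving the buffer.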

Added: Jan 27, 2026, 4:23 PM
Updated: Jan 27, 2026, 4:23 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.3
exploitability: 7.7
remediation: 0.0
relevance: 2.5
threat: 1.6
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.