Zaher1307 Tiny Web Server Out-of-Bounds Write Vulnerability in URL Handler Component

Vulnerability

A stack-based buffer overflow vulnerability has been identified in Zaher1307 tiny_web_server versions prior to 8d77b1044a0ca3a5297d8726ac8aa2cf944d481b. The issue arises in the URL Handler component, specifically within the 'tiny_web_server/tiny.c' file. The vulnerability is caused by the unsafe use of the 'sprintf()' function, which writes user-controlled data into a fixed-size stack buffer without proper boundary checks. This flaw allows for out-of-bounds write operations, which can be exploited remotely.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, allowing for arbitrary code execution, denial-of-service, or information disclosure.

Reproduction

The vulnerability can be reproduced by sending an HTTP GET request with an overly long URI, containing at least 8160 bytes. The 'client_error()' function will be triggered, causing the 'sprintf()' function to write beyond the allocated buffer, overwriting adjacent stack memory. This can be automated with a Python script that sends the crafted request.
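An added illustration, not code from the tiny_web_server project: a `client_error()`-style routine that formats a client-controlled URI into a fixed-size stack buffer, with the unbounded `sprintf()` pattern from the advisory shown in a comment and a bounded `snprintf()` replacement that detects truncation instead of writing past the buffer. The buffer size, format string and message text are assumptions; the 8160-byte URI is constructed to match the threshold the advisory names.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Assumed buffer size for this illustration; the page does not state the
 * size used in tiny.c. */
#define BODY_MAX 8192

/* Vulnerable pattern described in the advisory (contrast only, never run):
 *
 *   char body[BODY_MAX];
 *   sprintf(body, "<html><body>Tiny Error: %s: %s</body></html>", cause, msg);
 *
 * sprintf() is never told how large 'body' is, so a URI longer than the
 * remaining space is copied past the end of the array and overwrites
 * adjacent stack memory. */

/* Hardened form: snprintf() bounds the write and returns the length the
 * full message *would* need. A return value >= body_len means truncation,
 * which the caller must treat as a rejected request, not a clipped reply.
 * Returns true when the whole message fit. */
bool format_error_body(char *body, size_t body_len, const char *cause,
                       const char *msg) {
    int n = snprintf(body, body_len,
                     "<html><body>Tiny Error: %s: %s</body></html>", cause, msg);
    if (n < 0) {            /* encoding error: leave a valid empty string */
        body[0] = '\0';
        return false;
    }
    return (size_t)n < body_len;
}

/* Wrapper that refuses to echo a URI that does not fit, falling back to a
 * fixed message with no client data. Returns the body length written. */
size_t safe_client_error(const char *uri, char *out, size_t out_len) {
    if (!format_error_body(out, out_len, uri, "Not found")) {
        snprintf(out, out_len,
                 "<html><body>Tiny Error: request rejected</body></html>");
    }
    return strlen(out);
}

/* Exercise the hardened path with a constructed 8160-byte URI (the
 * threshold the advisory names) and return the resulting body length. */
size_t long_uri_body_len(void) {
    static char uri[8161];
    char body[BODY_MAX];
    memset(uri, 'A', 8160);
    uri[8160] = '\0';
    return safe_client_error(uri, body, sizeof body);
}
```

With the bounded version an oversized URI yields a short fixed response well inside `body`, whereas the `sprintf()` form would have spilled roughly 8209 bytes into an 8192-byte buffer.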

Added: Feb 22, 2026, 10:19 AM
Updated: Feb 22, 2026, 10:19 AM

Vulnerability Rating

Custom Algorithm

Metric          Score
spread          0.0
impact          10.0
exploitability  8.2
remediation     0.0
relevance       3.1
threat          6.4
urgency         2.9
incentive       4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.