Generic Mapping Tools Stack-Based Buffer Overflow Vulnerability in gmt_remote_dataset_id Function
Vulnerability
A stack-based buffer overflow vulnerability has been identified in Generic Mapping Tools (GMT) versions up to and including 6.6.0. The issue arises in the gmt_remote_dataset_id function within src/gmt_remote.c, where a specially crafted long string can be passed as a dataset identifier. This vulnerability can lead to a program crash or potentially allow arbitrary code execution. The root cause is the unsafe handling of user-controlled dataset names: a name longer than the destination buffer is copied past the end of that buffer and overwrites the stack frame, including the saved return address. The vulnerability has been confirmed using AddressSanitizer, which reported a stack-buffer-overflow.
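As an added illustration of the bug class described above (this is not GMT's code and not the project's fix): a hypothetical dataset-name lookup that copies a caller-controlled string into a fixed-size stack buffer without a bound, beside a hardened version that refuses names that cannot fit. DATASET_ID_MAX, dataset_id_unsafe, dataset_id_safe and check_length are assumed names for this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stack buffer size for a dataset identifier. Assumption: this is
 * not GMT's real limit or code; it only illustrates the bug class described. */
#define DATASET_ID_MAX 64

/* Vulnerable pattern: unbounded copy of a caller-controlled name into a stack
 * buffer. A name of DATASET_ID_MAX bytes or more writes past the buffer and can
 * corrupt the saved frame and return address. Shown for contrast, never called. */
int dataset_id_unsafe(const char *name) {
    char id[DATASET_ID_MAX];
    strcpy(id, name);                 /* no length check */
    return (int)strlen(id);
}

/* Hardened pattern: bound the scan, reject input that cannot fit with its NUL,
 * and only then copy. Returns the stored length, or -1 for "does not fit" so the
 * caller can report an unknown dataset instead of overflowing the stack. */
int dataset_id_safe(const char *name) {
    char id[DATASET_ID_MAX];
    size_t n;

    if (name == NULL)
        return -1;
    for (n = 0; n < DATASET_ID_MAX && name[n] != '\0'; n++)
        ;                             /* never reads past the limit */
    if (n == DATASET_ID_MAX)          /* no room for the terminator */
        return -1;
    memcpy(id, name, n);
    id[n] = '\0';
    return (int)n;
}

/* Constructed input: a name of `len` 'A' bytes, used to probe the boundary. */
int check_length(size_t len) {
    char name[256];
    if (len >= sizeof name)
        len = sizeof name - 1;
    memset(name, 'A', len);
    name[len] = '\0';
    return dataset_id_safe(name);
}

int main(void) {
    printf("63 bytes: %d\n", check_length(63));    /* fits: 63 */
    printf("64 bytes: %d\n", check_length(64));    /* rejected: -1 */
    printf("200 bytes: %d\n", check_length(200));  /* rejected: -1 */
    return 0;
}
```

Under AddressSanitizer the unsafe variant reports the same stack-buffer-overflow class the advisory cites; the hardened variant returns -1 instead of touching memory beyond the buffer.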
Impact
Exploitation of this vulnerability causes a program crash, leading to a denial-of-service condition. However, in certain environments, it could be exploited to execute arbitrary code.
Reproduction
The vulnerability can be reproduced using a Python script with the PyGMT library. The script creates a payload that includes a long string designed to overflow the stack buffer, followed by a crafted return address. This payload is then sent to the 'which' module, triggering the buffer overflow.
Remediation
Users are advised to update to the patched version of GMT, which is available on the Generic Mapping Tools GitHub repository.
