Uncrustify Buffer Overflow Vulnerability Leading to Denial-of-Service

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Uncrustify project, specifically in version Uncrustify_d-0.82.0-132-bcc41cbdc. The issue arises in the 'check_template' function within 'src/tokenizer/check_template.cpp', where the parser improperly handles malformed C/C++ template syntax. This flaw allows a local attacker to cause a denial-of-service by crashing the application. The vulnerability was discovered through fuzzing with AddressSanitizer enabled, which revealed a stack-buffer-overflow error at line 305 of the check_template.cpp file.

Impact

Exploitation of this vulnerability leads to memory corruption, causing the application to crash and disrupt service availability. While no arbitrary code execution has been confirmed, the denial-of-service impact is significant, especially in environments where Uncrustify is used for automated code processing or in CI/CD pipelines.

Reproduction

The vulnerability can be reproduced by building Uncrustify with AddressSanitizer enabled, using AFL++ as the fuzzing tool. After compiling the application, it can be run with a configuration file that specifies indentation settings, along with a proof-of-concept C file containing the malformed template syntax that triggers the buffer overflow. The application will crash, demonstrating the denial-of-service impact of the vulnerability.

Remediation

Users can update to the latest version of Uncrustify, where this vulnerability has been fixed. The patched version is available in the upstream commit 68e67b9a1435a1bb173b106fedb4a4f510972bdc.
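
One way to check whether a given build already contains the fix, as an added example that is not part of the advisory or of the Uncrustify project: it takes the commit hash from the version string and asks a local clone of the upstream repository whether the fix commit is an ancestor of it. The script name, the function names and the assumed version-string layout (`...-<hash>[-dirty]`) are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not Uncrustify project code.
# Fix commit as given in the advisory's Remediation section.
FIX_COMMIT=68e67b9a1435a1bb173b106fedb4a4f510972bdc

# build_hash VERSION: print the trailing commit hash of a version string such
# as "Uncrustify_d-0.82.0-132-bcc41cbdc". Assumed layout: ...-<hash>[-dirty].
# Fails (status 1) for strings that carry no hash, e.g. a plain release tag.
build_hash() {
    v=${1%-dirty}
    h=${v##*-}
    case $h in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#h}" -ge 7 ] || return 1
    printf '%s\n' "$h"
}

# has_fix REPO REV [FIX]: 0 = REV contains FIX, 1 = it does not,
# 2 = undecidable because REV or FIX is missing from this clone.
has_fix() {
    repo=$1 rev=$2 fix=${3:-$FIX_COMMIT}
    git -C "$repo" cat-file -e "$rev^{commit}" 2>/dev/null || return 2
    git -C "$repo" cat-file -e "$fix^{commit}" 2>/dev/null || return 2
    if git -C "$repo" merge-base --is-ancestor "$fix" "$rev"; then
        return 0
    fi
    return 1
}

# check_build REPO VERSION [FIX]: print a verdict, return has_fix's status.
check_build() {
    h=$(build_hash "$2") || { echo "unknown: no commit hash in '$2'"; return 2; }
    rc=0
    has_fix "$1" "$h" "${3:-$FIX_COMMIT}" || rc=$?
    case $rc in
        0) echo "patched: $h contains the fix" ;;
        1) echo "VULNERABLE: $h does not contain the fix" ;;
        *) echo "unknown: $h or the fix commit is not in this clone" ;;
    esac
    return "$rc"
}

# Usage: sh check_fix.sh /path/to/uncrustify-clone "$(uncrustify --version)"
if [ "$#" -ge 2 ]; then
    check_build "$@"
fi
```

A result of "unknown" usually means the clone is shallow or out of date; fetch the upstream history and run the check again.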

Added: May 21, 2026, 3:23 PM
Updated: May 21, 2026, 3:23 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.3
exploitability: 4.6
remediation: 0.0
relevance: 9.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.