miaofng/uds-c
- e506334
A stack buffer overflow has been identified in the miaofng uds-c library at commit e506334e. In the send_diagnostic_request function, data is copied with memcpy into a 6-byte stack buffer using an attacker-controlled length parameter, with no prior bounds check. A payload length that exceeds the buffer's capacity is therefore written past the end of the buffer, leading to potential memory corruption.
Exploitation of this vulnerability causes a stack buffer overflow, which can lead to arbitrary code execution or a crash of the application.
The vulnerability can be reproduced by sending a crafted UDS request that includes a payload length exceeding the maximum buffer size. This can be done by manipulating the request structure to include an oversized payload length, which is then copied into the stack buffer without any bounds validation.
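A bounds-checked form of the copy described above, as an added example that is not code from uds-c or from the original advisory. The struct, macro and function names are hypothetical, and the frame layout (one mode byte, then a 0 to 2 byte PID, then the payload) is an assumption made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names modelled on the advisory text; this is not uds-c code. */
#define FRAME_SIZE 6u   /* the 6-byte stack buffer the advisory describes */
#define MODE_LEN   1u   /* assumed: one mode byte leads the frame */

typedef struct {
    uint8_t  mode;
    uint16_t pid;
    uint8_t  pid_length;      /* assumed: 0, 1 or 2 bytes */
    uint8_t  payload[16];     /* source storage, larger than the frame */
    size_t   payload_length;  /* caller-controlled, as in the advisory */
} demo_request;

/* Returns the number of bytes written to out, or -1 if the request cannot fit. */
int build_frame_checked(const demo_request *req, uint8_t *out, size_t out_size)
{
    if (req == NULL || out == NULL || req->pid_length > 2)
        return -1;
    size_t header = MODE_LEN + req->pid_length;
    if (header > out_size)
        return -1;
    /* Compare against the space left; subtracting avoids a wrapping addition. */
    if (req->payload_length > out_size - header ||
        req->payload_length > sizeof req->payload)   /* also no source over-read */
        return -1;
    memset(out, 0, out_size);
    out[0] = req->mode;
    for (size_t i = 0; i < req->pid_length; i++)     /* big-endian PID */
        out[MODE_LEN + i] = (uint8_t)(req->pid >> (8 * (req->pid_length - 1 - i)));
    /* The advisory's flaw is this copy made without the checks above. */
    memcpy(out + header, req->payload, req->payload_length);
    return (int)(header + req->payload_length);
}

/* Constructed driver: frames a request into a 6-byte stack buffer. */
int demo_send(uint8_t mode, uint8_t pid_length, size_t payload_length)
{
    uint8_t frame[FRAME_SIZE];
    demo_request req = { .mode = mode, .pid = 0xF190, .pid_length = pid_length,
                         .payload_length = payload_length };
    memset(req.payload, 0xAA, sizeof req.payload);   /* constructed payload bytes */
    return build_frame_checked(&req, frame, sizeof frame);
}

int main(void) { return (demo_send(0x22, 2, 3) == 6 && demo_send(0x22, 2, 4) == -1) ? 0 : 1; }
```

The same comparison, placed immediately before the memcpy in the affected function, is the check the advisory reports as missing.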