ThakeeNathees Pocketlang Memory Corruption Vulnerability in pkByteBufferAddString Function

Vulnerability

A memory corruption vulnerability has been identified in ThakeeNathees Pocketlang versions up to cc73ca61b113d48ee130d837a7a8b145e41de5ce. The issue arises in the pkByteBufferAddString function, where passing an extremely large value for the length argument leads to memory corruption. This vulnerability requires local access to exploit. The problem has been publicly disclosed, and an exploit is available.

Impact

Exploitation of this vulnerability causes a heap-buffer overflow, leading to memory corruption and a segmentation fault.

Reproduction

The vulnerability can be reproduced by building Pocketlang with release optimization and running the compiled binary with a specific input file that triggers the issue. Running the binary under gdb shows the crash, which occurs due to the integer underflow caused by the large length value.
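
The following is an added illustration, not Pocketlang's code and not part of the original advisory: a bounds-checked append for a hypothetical growable byte buffer, showing the checks that stop this class of bug. The names ByteBuf, bytebuf_add and span_length are assumptions, as is the idea that the oversized length comes from an upstream offset subtraction.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable byte buffer; names are illustrative, not Pocketlang's. */
typedef struct {
  uint8_t *data;
  uint32_t count;
  uint32_t capacity;
} ByteBuf;

/* Assumed caller-side step: derive a length from two offsets without
 * underflow. A plain `end - start` with end < start wraps to a value
 * close to UINT32_MAX, which is the "extremely large" length. */
bool span_length(uint32_t start, uint32_t end, uint32_t *out) {
  if (end < start) return false;
  *out = end - start;
  return true;
}

/* Append `length` bytes from `src`. Returns false and leaves the buffer
 * untouched if count + length would wrap or the allocation fails.
 * The caller must still guarantee that `src` holds `length` bytes. */
bool bytebuf_add(ByteBuf *b, const void *src, uint32_t length) {
  /* Without this check, count + length wraps to a small number, the
   * reserve step under-allocates, and the copy runs off the heap block. */
  if (length > UINT32_MAX - b->count) return false;
  uint32_t needed = b->count + length;

  if (needed > b->capacity) {
    uint32_t cap = b->capacity ? b->capacity : 16;
    while (cap < needed) {
      /* Doubling must not wrap either; fall back to the exact size. */
      if (cap > UINT32_MAX / 2) { cap = needed; break; }
      cap *= 2;
    }
    uint8_t *p = realloc(b->data, cap);
    if (p == NULL) return false;
    b->data = p;
    b->capacity = cap;
  }
  if (length > 0) memcpy(b->data + b->count, src, length);
  b->count = needed;
  return true;
}
```

Building the real target with AddressSanitizer (-fsanitize=address) reports the out-of-bounds write at the faulting copy rather than at a later segmentation fault.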

Added: Mar 12, 2026, 8:20 AM
Updated: Mar 12, 2026, 8:20 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.5
remediation: 0.0
relevance: 3.8
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.