F Prime Integer Overflow Vulnerability in File Uplink Service Allowing Arbitrary File Write and Remote Code Execution
Vulnerability
A vulnerability exists in the File Uplink service of the F Prime framework, specifically in versions prior to 4.2.0. The issue arises from an integer overflow in the bounds check for file write operations. The check fails to properly validate the byte offset and data size, allowing an attacker to craft a DataPacket that bypasses the check and writes data at an offset of approximately 4GB. Additionally, the File Uplink service does not sanitize file paths, enabling arbitrary data to be written to any file at any offset. This vulnerability leads to remote code execution on embedded targets.
Impact
Exploitation of this vulnerability allows for arbitrary file writes, which can be leveraged for remote code execution on affected embedded systems.
Reproduction
The vulnerability can be reproduced by sending a crafted DataPacket with a byteOffset of 0xFFFFFF9C and a dataSize of 100. With this combination the sum of byteOffset and dataSize wraps around, so the bounds check passes and the file write occurs at the original offset of approximately 4GB.
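The arithmetic behind this reproduction, as an added example that is not F Prime source code: it assumes the check adds two 32-bit unsigned values, and the function names and the 4096-byte file size are constructed for illustration. The second check shows one wrap-free way to express the same bound.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative model only, not F Prime source. Assumes byteOffset and
 * dataSize are 32-bit unsigned and the check compares their sum. */

/* End position as a 32-bit sum: wraps modulo 2^32. */
static uint32_t wrapped_end(uint32_t byte_offset, uint32_t data_size)
{
    return (uint32_t)(byte_offset + data_size);
}

/* Flawed form: the comparison sees the wrapped sum, not the real end. */
static bool check_wrapping(uint32_t byte_offset, uint32_t data_size,
                           uint32_t file_size)
{
    return wrapped_end(byte_offset, data_size) <= file_size;
}

/* Hardened form: never forms a sum, so nothing can wrap. */
static bool check_safe(uint32_t byte_offset, uint32_t data_size,
                       uint32_t file_size)
{
    if (byte_offset > file_size) {
        return false;               /* offset already past end of file */
    }
    return data_size <= file_size - byte_offset;
}

int main(void)
{
    const uint32_t file_size = 4096u;          /* constructed sample value */
    const uint32_t byte_offset = 0xFFFFFF9Cu;  /* value from the advisory */
    const uint32_t data_size = 100u;           /* value from the advisory */

    printf("wrapped end   : %u\n",
           (unsigned)wrapped_end(byte_offset, data_size));
    printf("flawed check  : %s\n",
           check_wrapping(byte_offset, data_size, file_size) ? "pass" : "reject");
    printf("hardened check: %s\n",
           check_safe(byte_offset, data_size, file_size) ? "pass" : "reject");
    return 0;
}
```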
Remediation
Users can upgrade to F Prime version 4.2.0 or later, where this vulnerability has been patched.
