HTCPCP server incorrectly handles incoming network messages leading to a NULL pointer dereference, resulting in crash of the server.
Proposed CVSS 3.0 score:
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Error message WITHOUT Address Sanitizer:

```
Welcome to the potLogic CoffeeTr0n!
Ready to brew.. there are 5 Pots available
Created thread 0
Thread 0 Request: D������g�rd�
Segmentation fault
```

Error message WITH Address Sanitizer:

```
./matrixssl-ASAN/apps/dtls/dtlsServer -p 44444
DTLS server running on port 44444
sslBuf = 0x61b00001e380 recvfromBuf = 0x61b00001f180 recvLen = 67
sslBuf = 0x61b00001ea80 recvfromBuf = 0x61b00001f180 recvLen = 1047
=================================================================
Created thread 0
Thread 0 Request: D������g�rd�
ASAN:SIGSEGV
=================================================================
==21766==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f2af2a2f746 bp 0x7f2aefbfbd10 sp 0x7f2aefbfb498 T1)
    #0 0x7f2af2a2f745 in strlen (/lib/x86_64-linux-gnu/libc.so.6+0x8b745)
    #1 0x7f2af2ffb1a5 in __interceptor_strlen (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x701a5)
    #2 0x40347b in splitVarVal (htcpcp_server_ASAN+0x40347b)
    #3 0x40392b in CoffeeRequestHandler (htcpcp_server_ASAN+0x40392b)
    #4 0x403e47 in thread (htcpcp_server_ASAN+0x403e47)
    #5 0x7f2af2d756b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
    #6 0x7f2af2aab41c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 strlen
Thread T1 created by T0 here:
    #0 0x7f2af2fc1253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
    #1 0x404b09 in main (htcpcp_server_ASAN+0x404b09)
    #2 0x7f2af29c482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

==21766==ABORTING
```
Reproduction:
Download and compile HTCPCP server.
Run HTCPCP server:
./htcpcp_server 44444
(using defork from Preeny package: https://github.com/zardus/preeny)
LD_PRELOAD=~/tools/preeny/defork.so ./htcpcp_server 44444
netcat $IP 44444 < payload_madmaze-htcpcp_000.raw
where $IP is IP of test server
payload_madmaze-htcpcp_000.raw.zip
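
The AddressSanitizer trace in this report shows `strlen` receiving a NULL pointer inside `splitVarVal`. As an added example (not code from the HTCPCP project; `split_var_val`, its signature and the `=` delimiter are assumptions), a splitter that treats the request as length-bounded bytes and rejects input with no delimiter instead of dereferencing a failed lookup:

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical hardened splitter, NOT the HTCPCP server's splitVarVal().
 * Splits "var<delim>val" held in a length-bounded receive buffer.
 * Returns 0 on success, -1 on malformed input; on a parse failure
 * var and val hold empty strings. */
int split_var_val(const char *buf, size_t len, char delim,
                  char *var, size_t var_sz, char *val, size_t val_sz)
{
    if (!buf || !var || !val || var_sz == 0 || val_sz == 0)
        return -1;
    var[0] = val[0] = '\0';

    /* Raw network data is not a C string: reject embedded NULs. */
    if (memchr(buf, '\0', len) != NULL)
        return -1;

    /* No delimiter: a strchr()/strtok()-style lookup returns NULL here,
     * and the result must be checked before it reaches strlen(). */
    const char *sep = memchr(buf, delim, len);
    if (sep == NULL)
        return -1;

    size_t var_len = (size_t)(sep - buf);
    size_t val_len = len - var_len - 1;
    if (var_len == 0 || var_len >= var_sz || val_len >= val_sz)
        return -1;

    memcpy(var, buf, var_len);
    var[var_len] = '\0';
    memcpy(val, sep + 1, val_len);
    val[val_len] = '\0';
    return 0;
}

int main(void)
{
    char var[16], val[16];
    /* Constructed inputs: one well-formed pair, one binary blob without '='. */
    const char good[] = "pot=3";
    const char junk[] = { 'D', (char)0xff, (char)0xfe, 'g', (char)0x80, 'r', 'd' };

    int rc = split_var_val(good, strlen(good), '=', var, sizeof var, val, sizeof val);
    printf("good: rc=%d var=\"%s\" val=\"%s\"\n", rc, var, val);
    rc = split_var_val(junk, sizeof junk, '=', var, sizeof var, val, sizeof val);
    printf("junk: rc=%d (rejected, no crash)\n", rc);
    return 0;
}
```

The caller is expected to pass the byte count returned by the receive call as `len` and to drop the request when the function returns -1.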