Stack based buffer overflow while parsing AQL (parsing next token) #594
The function next_token, which returns the next token during AQL parsing, copies input data (a slice of the AQL file) into a fixed-size stack buffer with memcpy, so input longer than the buffer overflows it.
Declaration of buffer:
This can lead to remote code execution via a stack-smashing attack (overwriting the function's return address).
Proposed CVSS score:
The following AQL input triggers the crash (crash_001_next_token.sql):
Crash details from AddressSanitizer:
Address 0x7ffc6d2ca440 is located in stack of thread T0 at offset 240 in frame
This frame has 4 object(s):
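The defensive pattern for the bug class described in this report is to bound the copy by the destination size and reject (or truncate) tokens that do not fit, rather than copying the full input length into a fixed stack buffer. The following is an added illustration, not code from the project in this issue: `next_token_bounded`, `TOKEN_BUF_SIZE`, `token_len` and `count_tokens` are hypothetical names, the buffer size is an assumed value, and the inputs are constructed samples.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size stack buffer for one token. The real size used by
 * the project's next_token is not given in the report; 64 is an assumption. */
#define TOKEN_BUF_SIZE 64

/* Outcome of extracting one token. */
typedef enum { TOKEN_OK = 0, TOKEN_TOO_LONG = 1, TOKEN_END = 2 } token_status;

/* Length of the run of non-separator bytes at p, never reading past
 * `remaining` bytes of input. */
static size_t token_len(const char *p, size_t remaining) {
    size_t n = 0;
    while (n < remaining && p[n] != ' ' && p[n] != '\n' && p[n] != '\0') {
        n++;
    }
    return n;
}

/* Hardened tokenizer step: the copy is bounded by the destination size.
 * The unchecked variant described in the report memcpy's the full token
 * length into the fixed buffer; here a token that would not fit is refused
 * before any byte is written. */
token_status next_token_bounded(const char **cursor, size_t *remaining,
                                char out[TOKEN_BUF_SIZE]) {
    /* Skip leading separators. */
    while (*remaining > 0 && (**cursor == ' ' || **cursor == '\n')) {
        (*cursor)++;
        (*remaining)--;
    }
    if (*remaining == 0) {
        out[0] = '\0';
        return TOKEN_END;
    }

    size_t n = token_len(*cursor, *remaining);
    if (n >= TOKEN_BUF_SIZE) {
        /* Room for n bytes plus the terminator does not exist: reject. */
        out[0] = '\0';
        return TOKEN_TOO_LONG;
    }

    memcpy(out, *cursor, n);   /* n < TOKEN_BUF_SIZE, so this cannot overflow */
    out[n] = '\0';
    *cursor += n;
    *remaining -= n;
    return TOKEN_OK;
}

/* Tokenizes a whole constructed input. Returns the token count, or -1 if
 * any token would have overflowed the buffer. */
int count_tokens(const char *input) {
    const char *cursor = input;
    size_t remaining = strlen(input);
    char buf[TOKEN_BUF_SIZE];
    int count = 0;

    for (;;) {
        token_status s = next_token_bounded(&cursor, &remaining, buf);
        if (s == TOKEN_END) {
            return count;
        }
        if (s == TOKEN_TOO_LONG) {
            return -1;
        }
        count++;
    }
}

int main(void) {
    /* Constructed sample inputs: a short query and one over-long token. */
    printf("short query: %d tokens\n", count_tokens("SELECT * FROM hosts"));

    char big[200];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("over-long token: %d\n", count_tokens(big));
    return 0;
}
```

The check `n >= TOKEN_BUF_SIZE` leaves one byte for the terminator; a fuzzer input like the crash file above would then be reported as an error instead of corrupting the frame AddressSanitizer describes.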