Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[CVE-2020-26800] Stack based buffer overflow while parsing JSON file #5917

Open
Cr0wTom opened this issue Jan 10, 2021 · 0 comments
Open

[CVE-2020-26800] Stack based buffer overflow while parsing JSON file #5917

Cr0wTom opened this issue Jan 10, 2021 · 0 comments

Comments

@Cr0wTom
Copy link

@Cr0wTom Cr0wTom commented Jan 10, 2021

Short description

Stack based buffer overflow while parsing JSON file Leads to DoS

Attack scenario

An attacker can supply a specially crafted config.json file, consisting of 3764 left square brackets or more, which results in segmentation fault by the application. This immediately results in Denial of Service, and with more advanced exploitation it can have further implications, with higher severity security issues.

Components

Aleth 1.8.0

Reproduction

Create a .json file consisting of 3764 left square brackets ([) or more. Run it using the following command; ./aleth --config followed by the .json file created earlier.

The stack overflow can be examined with gdb (set args --config ./test.json) or with valgrind (valgrind ./aleth --config ./test3.json).

I submitted this bug in the bug bounty program in Oct 05, 2020, but that kind of vulnerabilities are out of scope. As there was no intention to publish the vulnerability and issue a fix after 3 months I responsibly disclose the vulnerability with the intention to help the security team to fix the issue or mark the application as EOL if that's the case. As I didn't manage to properly compile the app with my fuzzers compiler I could use some insights on where the parser of the config file is.

In any case, I would be happy to help and assist with the issue.

Edit/Update: Github Issue creation for the issue has been approved.

Edit/Update 2: CVE has been issued. I will update once it is public.

Edit/Update 3: CVE has been published: https://nvd.nist.gov/vuln/detail/CVE-2020-26800

@Cr0wTom Cr0wTom changed the title Stack based buffer overflow while parsing JSON file [CVE-2020-26800] Stack based buffer overflow while parsing JSON file Jan 11, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant