This repository was archived by the owner on Sep 17, 2018. It is now read-only.
Another Heap Buffer Overflow on bchunk v1.2.1 and v1.2.0 #3
Closed
Description
This issue is a heap-related error similar to https://github.com/extramaster/bchunk/issues/2, but when replicated using gdb exploitable it has a different hash value. There were 10 different payloads that produced the same hash value as https://github.com/extramaster/bchunk/issues/2, but only 1 other payload produced the following hash value, which makes it evident that this heap-related error is caused by a different part of the code.
- v1.2.0: dee2679e6e5af60ee000eb3acd6a6521.9ed6687229c36ed4f3b6957d8de6f879
(gdb) exploitable
__main__:99: UserWarning: GDB v7.11 may not support required Python API
Description: Heap error
Short description: HeapError (10/22)
Hash: dee2679e6e5af60ee000eb3acd6a6521.9ed6687229c36ed4f3b6957d8de6f879
Exploitability Classification: EXPLOITABLE
Explanation: The target's backtrace indicates that libc has detected a heap error or that the target was executing a heap function when it stopped. This could be due to heap corruption, passing a bad pointer to a heap function such as free(), etc. Since heap errors might include buffer overflows, use-after-free situations, etc. they are generally considered exploitable.
Other tags: AbortSignal (20/22)
- v1.2.1: 7dabe720a577c556f3502bc14a09e494.5f6e27cabe9c5ab0e08ffc984674d095
(gdb) exploitable
__main__:99: UserWarning: GDB v7.11 may not support required Python API
Description: Heap error
Short description: HeapError (10/22)
Hash: 7dabe720a577c556f3502bc14a09e494.5f6e27cabe9c5ab0e08ffc984674d095
Exploitability Classification: EXPLOITABLE
Explanation: The target's backtrace indicates that libc has detected a heap error or that the target was executing a heap function when it stopped. This could be due to heap corruption, passing a bad pointer to a heap function such as free(), etc. Since heap errors might include buffer overflows, use-after-free situations, etc. they are generally considered exploitable.
Other tags: AbortSignal (20/22)
The following is the stack trace output from gdb:
2147483647: /dev/null2147483647.ugh 0/0 MB [********************] -0 %*** Error in `/opt/targetApps/bchunk-1.2.1/bchunk': free(): invalid next size (normal): 0x08051b40 ***
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(+0x67377)[0xb7e6e377]
/lib/i386-linux-gnu/libc.so.6(+0x6d2f7)[0xb7e742f7]
/lib/i386-linux-gnu/libc.so.6(+0x6dc31)[0xb7e74c31]
/lib/i386-linux-gnu/libc.so.6(fclose+0x177)[0xb7e64b57]
/opt/targetApps/bchunk-1.2.1/bchunk[0x804b6c4]
/opt/targetApps/bchunk-1.2.1/bchunk[0x80494c8]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf7)[0xb7e1f637]
/opt/targetApps/bchunk-1.2.1/bchunk[0x80498a5]
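The backtrace above shows the abort inside fclose(), not in the code that wrote out of bounds: glibc only notices the damage when it frees a chunk whose neighbour's size header has been overwritten, which is what "free(): invalid next size (normal)" means. The following is an added illustration of that mechanism, not code from bchunk or from this issue. It assumes a glibc malloc on Linux, where a chunk's usable bytes run right up to the next chunk's size word (malloc_usable_size() gives that offset) and where a 2000-byte request falls outside the tcache/fastbin range so free() runs the next-size check. The function names are made up for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <malloc.h>   /* malloc_usable_size(): glibc extension (assumption) */

/* Read the raw size word of the chunk that physically follows `mem`.
 * glibc layout assumption: the usable bytes of a chunk end exactly at
 * the next chunk's size field, so that field sits at mem + usable. */
static size_t next_chunk_size_word(void *mem)
{
    size_t word;
    memcpy(&word, (unsigned char *)mem + malloc_usable_size(mem), sizeof word);
    return word;
}

static void set_next_chunk_size_word(void *mem, size_t word)
{
    memcpy((unsigned char *)mem + malloc_usable_size(mem), &word, sizeof word);
}

/* Model of the bug class: `len` bytes are requested, but `overflow` extra
 * bytes are written past the usable area, as an unchecked copy into a
 * too-small buffer would.  Returns 1 if the neighbouring chunk's size word
 * was clobbered, 0 if it was not, -1 if allocation failed.
 * With free_while_corrupted != 0 the damaged chunk is freed, which is where
 * glibc aborts with "free(): invalid next size (normal)".  Otherwise the
 * header is put back first (demo-only cleanup, not a fix for anything) so
 * the process can keep running. */
int overflow_into_next_header(size_t len, size_t overflow, int free_while_corrupted)
{
    unsigned char *buf = malloc(len);
    unsigned char *guard = malloc(len);   /* neighbour, normally placed right after buf */
    if (!buf || !guard) {
        free(buf);
        free(guard);
        return -1;
    }

    size_t before = next_chunk_size_word(buf);

    /* The overflowing write: its length comes from the input, not from the
     * allocation.  'A' bytes make the neighbour's size word odd and huge, so
     * glibc's next-size check rejects it at free() time. */
    memset(buf, 'A', malloc_usable_size(buf) + overflow);

    size_t after = next_chunk_size_word(buf);
    int clobbered = (before != after);

    if (free_while_corrupted) {
        free(buf);        /* _int_free() validates the neighbour's size here */
        free(guard);
        return clobbered; /* only reached on an allocator without the check */
    }

    set_next_chunk_size_word(buf, before);
    free(buf);
    free(guard);
    return clobbered;
}

int main(void)
{
    /* 2000 bytes: above glibc's tcache/fastbin range, so free() runs the
     * same next-size validation that fired inside fclose() in the report. */
    printf("in-bounds write, neighbour clobbered: %d\n",
           overflow_into_next_header(2000, 0, 0));
    printf("overflow of %zu bytes, neighbour clobbered: %d\n",
           sizeof(size_t), overflow_into_next_header(2000, sizeof(size_t), 0));
    puts("freeing the corrupted chunk; glibc is expected to abort now:");
    fflush(stdout);
    overflow_into_next_header(2000, sizeof(size_t), 1);
    puts("not reached on glibc");
    return 0;
}
```

The point for triage: the frame that aborts (here the free() inside fclose(), which releases the FILE's buffer) is a detection site chosen by the allocator, so the overflowing write has to be located from the chunk address in the message (0x08051b40 above) and from which code last wrote near it, for example by rerunning the crashing payload under Valgrind or with the binary built with -fsanitize=address.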