Skip to content

Double Free in TCPServer  #22

Closed
Closed
@Halcy0nic

Description

Hi there!

I was running my fuzzer in the background when I discovered a double free in the SimpleNetwork TCPServer.

Impact

Triggering the double free will allow client to crash any SimpleNetwork TCP server remotely. In other situations, double free vulnerabilities can cause undefined behavior and potentially code execution in the right circumstances.

Reproduction

Create a file with a large amount of random characters

Screen Shot 2022-07-14 at 4 27 10 PM

Start a TCP server and send the large file to the server a few consecutive times

Screen Shot 2022-07-14 at 5 06 48 PM

View the crash and gdb backtrace

Screen Shot 2022-07-14 at 4 30 14 PM

Screen Shot 2022-07-14 at 5 06 14 PM

Extra Resources

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions