DoS attack caused by segmentation fault #18
Assignees
Labels
bug
Something isn't working
Comments
|
Any codes to fix it? Fixing metadata need taglib, seems the bug is caused by taglib. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
Denial-of-Service (DoS) Vulnerability of taurusxin ncmdump v1.3.2 allow a remote attacker to break ncmdump online service via the crafted .ncm files.
Attack vectors provided in poc will trigger segmentation fault caused by illegal read access. The crash point is at ncmdump/src/ncmcrypt.cpp:251, a function call to NeteaseCrypt::FixMetadata(). Coredump file is provided in ./coredumps.
See also https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_FixMetadata/dos_FixMetadata.md
Reproduction
Run the following command:
./bin/ncmdump ./poc/I1DWE0~U; cp ./poc/origin/I1DWE0~U ./poc/I1DWE0~UPostscript: To successfully reproduce it, one need to run the command for several times.
Screen-shot
Crash:
Debug coredump:
The text was updated successfully, but these errors were encountered: