
CVE-2021-41498: Missing a terminator after strncpy in function Server_jack_init, which may cause read-overflow · Issue #221 · belangeo/pyo

Buffer overflow in ajaxsoundstudio.com Pyo < and 1.03 in the Server_jack_init function, which allows attackers to conduct denial-of-service attacks by constructing an arbitrarily overlong server name.

CVE
#dos

Code snippet

Server_jack_init(Server *self)
{
    int i = 0;
    char client_name[32];  /* No initialization */
    char name[16];
    /* ... */
    /* When the length of self->serverName is 31, client_name may have no
       terminator. It is a risk of read-overflow. */
    strncpy(client_name, self->serverName, 31);
    /* ... */
}

Description

Function: Server_jack_init
File: ad_jack.c
Call-path: boot (Python) -> Server_boot -> Server_jack_init
WarningType: read-overflow. Our analysis tool reported a warning at the call-site of strncpy. As client_name is not initialized, it may have no terminator after strncpy, hence causing a read-overflow.
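
The missing-terminator condition reported above and one way to close it, as an added example (not code from the pyo project or from the issue). The helper names and the 'X' fill byte, which stands in for uninitialized stack contents, are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define CLIENT_NAME_SIZE 32  /* same size as client_name in the report */

/* Constructed sample input: exactly 31 characters. */
static const char LONG_NAME[] = "0123456789012345678901234567890";

/* Pattern from the report: copy at most 31 bytes, never write a NUL. */
static void copy_as_reported(char *dst, const char *src) {
    strncpy(dst, src, CLIENT_NAME_SIZE - 1);
}

/* Hardened form: same copy, then terminate explicitly (long names truncate). */
static void copy_terminated(char *dst, const char *src) {
    strncpy(dst, src, CLIENT_NAME_SIZE - 1);
    dst[CLIENT_NAME_SIZE - 1] = '\0';
}

/* Returns 1 if a NUL byte exists inside the 32-byte buffer, 0 otherwise. */
static int has_terminator(const char *buf) {
    return memchr(buf, '\0', CLIENT_NAME_SIZE) != NULL;
}

/* Fill the buffer with a non-zero byte (constructed stand-in for stack
 * garbage), run one of the copies, and report whether the result is a
 * terminated string. Every byte is initialized, so the check is well defined. */
static int terminated_after(void (*copy)(char *, const char *), const char *src) {
    char client_name[CLIENT_NAME_SIZE];
    memset(client_name, 'X', sizeof client_name);
    copy(client_name, src);
    return has_terminator(client_name);
}

int main(void) {
    printf("reported copy, short name:   terminated=%d\n",
           terminated_after(copy_as_reported, "pyo"));
    printf("reported copy, 31-char name: terminated=%d\n",
           terminated_after(copy_as_reported, LONG_NAME));
    printf("hardened copy, 31-char name: terminated=%d\n",
           terminated_after(copy_terminated, LONG_NAME));
    return 0;
}
```

Short names are safe under the reported pattern only because strncpy pads the remainder of the 31 bytes with NULs; the explicit write to the last byte covers every input length.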