Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-37778: There is a buffer overflow when parsing command line parameters · Issue #294 · osqzss/gps-sdr-sim

There is a buffer overflow in gps-sdr-sim v1.0 when parsing long command line parameters, which can lead to DoS or code execution.

CVE
#buffer_overflow

Hi friends!
When the parameter length is greater than 100 characters of MAX_CHAR, the strcpy function overflows. A length check can be performed to fix the problem.

#define MAX_CHAR (100)

char umfile\[MAX\_CHAR\];
char navfile\[MAX\_CHAR\];
char outfile\[MAX\_CHAR\];

while ((result=getopt(argc,argv,"e:u:g:c:l:o:s:b:T:t:d:iv"))!=-1)
{
    switch (result)
    {
    case 'e':
        strcpy(navfile, optarg);
        break;
    case 'u':
        strcpy(umfile, optarg);
        nmeaGGA = FALSE;
        break;
    case 'g':
        strcpy(umfile, optarg);
        nmeaGGA = TRUE;
        break;
    case 'c':
        // Static ECEF coordinates input mode
        staticLocationMode = TRUE;
        sscanf(optarg,"%lf,%lf,%lf",&xyz\[0\]\[0\],&xyz\[0\]\[1\],&xyz\[0\]\[2\]);
        break;
    case 'l':
        // Static geodetic coordinates input mode
        // Added by [email protected]
        staticLocationMode = TRUE;
        sscanf(optarg,"%lf,%lf,%lf",&llh\[0\],&llh\[1\],&llh\[2\]);
        llh\[0\] = llh\[0\] / R2D; // convert to RAD
        llh\[1\] = llh\[1\] / R2D; // convert to RAD
        llh2xyz(llh,xyz\[0\]); // Convert llh to xyz
        break;
    case 'o':
        strcpy(outfile, optarg);
        break;

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda