CVE-2022-43343: Global Buffer overflow in gettoken at Main.c (Ver 1.91) · Issue #75 · sasagawa888/nprolog

N-Prolog v1.91 was discovered to contain a global buffer overflow vulnerability in the function gettoken() at Main.c.


Hi @sasagawa888,

I pulled down the most recent version of nprolog (Ver 1.91) and ran it through my fuzz tests. It looks like there is a global buffer overflow in gettoken at Main.c when you tell NPL to run a file in script mode.

I have attached most of the crash files for reproduction. If you compile the project with AddressSanitizer it can also detect the global overflow:

Makefile

CC   = gcc
LIBS = -lm -ldl -fsanitize=address


LIBSRASPI = -lm -ldl -lwiringPi -fsanitize=address
INCS =  
CFLAGS = $(INCS) -Wall -O3 -fsanitize=address
DEST = /usr/local/bin

Running NPL in script mode

crash.zip
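
The bug class reported above, as an added illustration that is not N-Prolog's code and not taken from the issue: a lexer that copies a token into a fixed-size global array, next to a bounded form that rejects overlong tokens. The buffer name, its size and the function names are assumptions; built with the `-fsanitize=address` flags from the Makefile above, the unbounded variant is the kind of write AddressSanitizer reports as a global-buffer-overflow.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define TOKEN_MAX 16                 /* assumed size, kept small for the demo */

static char token_buf[TOKEN_MAX];    /* hypothetical global token buffer */

/* Unbounded pattern (never called here): nothing stops pos from passing
 * TOKEN_MAX, so a long token is written past the end of the global array. */
size_t read_token_unbounded(const char *src)
{
    size_t pos = 0;
    while (*src && !isspace((unsigned char)*src))
        token_buf[pos++] = *src++;
    token_buf[pos] = '\0';
    return pos;
}

/* Bounded form: returns the token length, or -1 if the token plus its
 * terminating NUL would not fit. The buffer is never written past its end. */
int read_token_bounded(const char *src)
{
    size_t pos = 0;
    while (*src && !isspace((unsigned char)*src)) {
        if (pos >= TOKEN_MAX - 1) {
            token_buf[0] = '\0';     /* leave the buffer in a defined state */
            return -1;
        }
        token_buf[pos++] = *src++;
    }
    token_buf[pos] = '\0';
    return (int)pos;
}

const char *last_token(void) { return token_buf; }

int main(void)
{
    /* Constructed inputs: one ordinary clause, one overlong token. */
    const char *inputs[] = { "foo(bar).", "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" };
    for (size_t i = 0; i < 2; i++) {
        int n = read_token_bounded(inputs[i]);
        if (n < 0) printf("rejected: token longer than %d bytes\n", TOKEN_MAX - 1);
        else       printf("token(%d): %s\n", n, last_token());
    }
    return 0;
}
```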
