Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2018-3899

High

7.5/10

Summary

An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer of size 0x104, which is more than enough to overflow the return address from the password_dst field

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

Advisory Timeline

Published Nov 02, 2018

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2018-3899

Summary

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS