vendor:
Scan Engine
by:
Project Zero
7,8
CVSS
HIGH
Stack Buffer Overflow
119
CWE
Product Name: Scan Engine
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2017
Dec2LHA Library Stack Buffer Overflow
The dec2lha library is the library responsible for decompressing LZH and LHA archives. The CSymLHA::get_header() routine has a trivial stack buffer overflow. We can see from this initialization that var_141C is a 1024 byte stack buffer, because 0x100 * sizeof(dword) = 1024. But later on in this routine, the index is checked to see if it's > 4096 bytes, this is incorrect. This is most likely a simple programmers error, bounds checking with the wrong size.
Mitigation:
Ensure that the code is properly checked for buffer overflows and that the correct size is used for bounds checking.
