Buffer Overflow Vulnerability

[keymandll]

I appreciate the author clearly stating that security was not really considered when writing the code. Still, it probably make sense for me to leave this issue here so that people are aware.

Tiny Web Server is suffering from a classic buffer overflow vulnerability when processing the URI part of a HTTP request, that can lead to the remote compromise of a system running the web server.

For those interested, I have created a video: https://youtu.be/DdvVnQaHRwM?t=817

[jjang3]

hey @keymandll , seems like the link is down. Is it possible to reupload it or share it somehow? I would appreciate it. Thank you.

[mellow-hype]

@jjang3 can't confirm for sure if its the same issue but this may be a vulnerability i found a few years ago. you can read my writeup here: https://blog.coffinsec.com/2017/11/10/tiny-web-server-buffer-overflow-discovery-and-poc.html

the short version is its caused by the use of sscanf() without bounds checking or limits in parse_request().

    sscanf(buf, "%s %s", method, uri); /* version is not cared */