Proftpd Heap Overflow Vulnerability CNVD-2015-07798

Published: 2025-04-13
Revised: 2025-04-13

=========================== VULNERABILITIES ===========================

../proftpd-master/src/pool.c:89-116 (Heap Overflow due to zero length malloc allocation)

TYPE: CERT MEM04-C; CWE-131

Code Snippet:

    ............................
        ret = malloc(size);
      }

      if (ret == NULL) {
        pr_log_pri(PR_LOG_ALERT, "Out of memory!");
    #ifdef PR_USE_DEVEL
        if (debug_flags & PR_POOL_DEBUG_FL_OOM_DUMP_POOLS) {
          pr_pool_debug_memory(oom_printf);
        }
    #endif
        exit(1);
      }

      return ret;
    }

======================== TECHNICAL EXPLANATION ========================

The return value of malloc can be NULL for zero-size allocations; this would return a NULL pointer on certain implementations of MIPS32 and ARM architectures, or cause a SIGSEGV. Despite the exit() function call, the memory allocation would be attempted. Embedded platforms such as OpenWRT could be targeted, and depending on where the swap is, this defect can be exploited. This would have critical impact on architectures such...
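An added example, not ProFTPD's code and not part of the original advisory: a hypothetical allocation wrapper in the spirit of CERT MEM04-C and CWE-131, which reports a zero-byte request and a size-calculation overflow as distinct errors instead of relying only on a NULL check after `malloc(size)`. The names `checked_alloc`, `copy_bytes` and the `alloc_status` values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Status codes for the illustrative wrapper (names are assumptions). */
enum alloc_status { ALLOC_OK = 0, ALLOC_ZERO_SIZE, ALLOC_OVERFLOW, ALLOC_OOM };

/*
 * Allocate zeroed room for `count` elements of `elem_size` bytes.
 * - A zero-byte request is rejected up front (CERT MEM04-C): malloc(0) may
 *   return NULL or a unique pointer that must not be dereferenced, so a NULL
 *   check alone cannot tell "zero size" apart from "out of memory".
 * - count * elem_size is checked for wraparound before malloc (CWE-131).
 */
enum alloc_status checked_alloc(size_t count, size_t elem_size, void **out) {
  *out = NULL;
  if (count == 0 || elem_size == 0)
    return ALLOC_ZERO_SIZE;
  if (count > SIZE_MAX / elem_size)
    return ALLOC_OVERFLOW;
  void *p = malloc(count * elem_size);
  if (p == NULL)
    return ALLOC_OOM;
  memset(p, 0, count * elem_size);
  *out = p;
  return ALLOC_OK;
}

/* Copy `len` bytes from `src`; the caller frees *dst when ALLOC_OK is returned. */
enum alloc_status copy_bytes(const unsigned char *src, size_t len,
                             unsigned char **dst) {
  void *p = NULL;
  enum alloc_status st = checked_alloc(len, 1, &p);
  *dst = p;                 /* NULL on any failure */
  if (st == ALLOC_OK)
    memcpy(p, src, len);    /* len is exactly the allocated size */
  return st;
}

int main(void) {
  unsigned char *copy = NULL;
  /* Constructed inputs: an empty buffer and a 3-byte buffer. */
  printf("len 0 -> status %d\n", copy_bytes((const unsigned char *)"", 0, &copy));
  printf("len 3 -> status %d\n", copy_bytes((const unsigned char *)"abc", 3, &copy));
  free(copy);
  return 0;
}
```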

No Exp or PoC currently available
There are currently 0 affected product entries