tiny-web-server icon indicating copy to clipboard operation
tiny-web-server copied to clipboard

Published 20 hours ago verified publisher icon shenfeng

Buffer Overflow Vulnerability

Open keymandll opened this issue 4 years ago • 2 comments

I appreciate the author clearly stating that security was not really considered when writing the code. Still, it probably make sense for me to leave this issue here so that people are aware.

Tiny Web Server is suffering from a classic buffer overflow vulnerability when processing the URI part of a HTTP request, that can lead to the remote compromise of a system running the web server.

For those interested, I have created a video: https://youtu.be/DdvVnQaHRwM?t=817

keymandll avatar May 19 '20 08:05 keymandll

hey @keymandll , seems like the link is down. Is it possible to reupload it or share it somehow? I would appreciate it. Thank you.

jjang3 avatar Nov 30 '23 20:11 jjang3

@jjang3 can't confirm for sure if its the same issue but this may be a vulnerability i found a few years ago. you can read my writeup here: https://blog.coffinsec.com/2017/11/10/tiny-web-server-buffer-overflow-discovery-and-poc.html

the short version is its caused by the use of sscanf() without bounds checking or limits in parse_request().

    sscanf(buf, "%s %s", method, uri); /* version is not cared */

mellow-hype avatar Jun 30 '24 04:06 mellow-hype