VDB-249770 is the identifier assigned to this vulnerability. The exploit has been disclosed to the public and may be used. The manipulation of the argument v8 leads to stack-based buffer overflow. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. No known workarounds are available.Ī vulnerability, which was classified as critical, has been found in Totolink N350RT 9.3.5u.6139_B20201216. This issue only impacts library users with custom `record_external_operation` that returns errors. This causes smart contracts able to commit state changes, when the parent caller contract receives zero address (which usually indicates that the execution has failed). Yet, the substate commitment already happened. If `record_external_operation` later fails, this error is returned to the parent call stack, instead of `Succeeded`. In particular, during finalization of a `CREATE` or `CREATE2`, in the case that the substack execution happens successfully, `rust-evm` will first commit the substate, and then call `record_external_operation(Write(out_code.len()))`. This feature can have some bogus interactions with the call stack. In `rust-evm`, a feature called `record_external_operation` was introduced, allowing library users to record custom gas changes. Rust EVM is an Ethereum Virtual Machine interpreter. Handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a long URI, leading to remote code execution. Route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code execution.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |