undefined | Better HN

0 pointsb1temy1mo ago0 comments

The link in the HN submission contains the same text and excerpt from your link.

Additionally they note: -

"While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk."

IMO, probably in of itself, this alone is not able to do much besides maybe a crash / Denial of Service on modern systems. But it might be able to be used as part of a more advanced exploit chain, alongside other vulnerabilities, to potentially reach remote code execution, though this would be a much more sophisticated exploit and is maybe a bit of a reach. Still, I hesitate to call it impossible on modern systems due to the creativity of exploit developers.

0 comments

JohnLeitch1mo ago

> though this would be a much more sophisticated exploit and is maybe a bit of a reach.

Not necessarily. I have successfully exploited stack buffer overflows in major products despite stack canaries, ASLR, and DEP. It largely depends on context; if the vector is something that can be hit repeatedly, such a webform that that takes a cert or whatever, that simplifies things a lot versus something like a file format exploit, where you probably only get one chance. While I haven't analyzed this vulnerability, I would absolutely assume exploitability even if I couldn't see a way myself.

alanfranz1mo ago

You are right. I linked a differently formatted article with the same content. I don’t know why I didn’t initially notice such text.

j / k navigate · click thread line to collapse