Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Within the function HandleFileArg, the argument filepattern is under the control of the user, who passes it in from the command line. filepattern is passed directly to strlen to determine the end of the char* passed in by the user. No checks are done to see whether the passed-in char* is longer than the statically sized buffer data is memcpy'd into. After the memcpy, a null byte is written to what is assumed to be the end of the buffer to terminate the char*; without length checks, this null write occurs at an arbitrary offset from the buffer. An attacker can provide malicious input to trigger this vulnerability.
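The copy pattern described above next to a length-checked form, as an added example (not Xmill source code). The function names, the buffer size PATTERN_MAX and the sample arguments are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PATTERN_MAX 64   /* assumed size; the page does not state the real one */

/* The reported pattern: the copy length comes only from strlen(). */
void copy_pattern_unchecked(char dst[PATTERN_MAX], const char *filepattern)
{
    size_t len = strlen(filepattern);
    memcpy(dst, filepattern, len);   /* overruns dst when len >= PATTERN_MAX */
    dst[len] = '\0';                 /* NUL lands at an input-chosen offset */
}

/* Hardened form: reject any argument that does not fit together with its
 * terminator. Returns 0 on success, -1 if the input is missing or too long. */
int copy_pattern_checked(char *dst, size_t dst_size, const char *filepattern)
{
    if (dst == NULL || dst_size == 0 || filepattern == NULL)
        return -1;

    /* Bounded scan: look for the terminator within dst_size bytes only. */
    const char *end = memchr(filepattern, '\0', dst_size);
    if (end == NULL) {               /* no NUL in range: argument too long */
        dst[0] = '\0';               /* leave dst as a valid empty string */
        return -1;
    }

    size_t len = (size_t)(end - filepattern);   /* len <= dst_size - 1 */
    memcpy(dst, filepattern, len);
    dst[len] = '\0';                 /* always inside dst */
    return 0;
}

int main(void)
{
    char data[PATTERN_MAX];
    char too_long[PATTERN_MAX * 2];  /* constructed oversized argument */

    memset(too_long, 'A', sizeof too_long - 1);
    too_long[sizeof too_long - 1] = '\0';

    printf("short argument: %d\n", copy_pattern_checked(data, sizeof data, "*.xml"));
    printf("long argument:  %d\n", copy_pattern_checked(data, sizeof data, too_long));
    return 0;
}
```

Only the checked function is called here; the caller is expected to treat -1 as a fatal argument error rather than continue with a truncated pattern.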
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
AT&T Labs Xmill Argument Injection Vulnerability
Vulnerability Description
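AT&T Labs Xmill is a new tool from AT&T Labs in the United States for efficiently compressing XML data. AT&T Labs Xmill contains an argument injection vulnerability, which exists because of a boundary error involving strlen in the command-line parsing function HandleFileArg. A local user can use a specially crafted command-line argument to trigger memory corruption and execute arbitrary code on the target system.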
CVSS Information
N/A
Vulnerability Type
N/A