CVE-2022-44312 PoC: PicoC buffer error vulnerability

Source
Associated Vulnerability
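Title: PicoC buffer error vulnerability (CVE-2022-44312)
Description: PicoC is a lightweight C language interpreter. PicoC version 3.2.2 has a buffer error vulnerability, which stems from a heap buffer overflow in the ExpressionCoerceInteger function in expression.c.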
Description
Reproduction files for CVE-2022-44312 through CVE-2022-44321
Readme
# CVEs-for-picoc-3.2.2
Reproduction files for CVE-2022-44312 through CVE-2022-44321

## CVE Reference
* [PicoC v3.2.2 Heap Overflow in the ExpressionCoerceInteger function in expression.c (CVE-2022-44312)](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44312)
* [PicoC v3.2.2 Heap Overflow in the ExpressionCoerceUnsignedInteger function in expression.c (CVE-2022-44313)](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44313)
* [PicoC v3.2.2 Heap Overflow in the StringStrncpy function in cstdlib/string.c (CVE-2022-44314)](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44314)
* [PicoC v3.2.2 Heap Overflow in the ExpressionAssign function in expression.c (CVE-2022-44315)](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44315)
* [PicoC v3.2.2 Heap Overflow in the LexGetStringConstant function in lex.c (CVE-2022-44316)](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44316)
* [PicoC v3.2.2 Heap Overflow in the StdioOutPutc function in cstdlib/stdio.c (CVE-2022-44317)](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44317)
* [PicoC v3.2.2 Heap Overflow in the StringStrcat function in cstdlib/string.c (CVE-2022-44318)](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44318)
* [PicoC v3.2.2 Heap Overflow in the StdioBasePrintf function in cstdlib/string.c (CVE-2022-44319)](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44319)
* [PicoC v3.2.2 Heap Overflow in the ExpressionCoerceFP function in expression.c (CVE-2022-44320)](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44320)
* [PicoC v3.2.2 Heap Overflow in the LexSkipComment function in lex.c (CVE-2022-44321)](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44321)
* [PicoC v3.2.2 Null Pointer Dereference (CVE-2022-34556)](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34556)

## Replication

1. Unzip picoc-3.2.2.zip and compile PicoC.
2. Unzip cve-files.zip and run the relevant reproduction file through the interpreter:

```
picoc -s [reproduction_filename.c]
```

File Snapshot

[4.0K] /data/pocs/3bed8f3959e78cdea3558747659f970a49a59bcc
├── [3.3K] cve-files.zip
├── [730K] picoc-3.2.2.zip
└── [2.0K] README.md

0 directories, 3 files