Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-28515 PoC — CSAPP Lab3 安全漏洞

Source
https://github.com/heshi906/CVE-2024-28515
Associated Vulnerability
Title:CSAPP Lab3 安全漏洞 (CVE-2024-28515)
Description:CSAPP Lab3是CSAPP Lab实验室的一款应用软件。 CSAPP Lab3 15-213 Fall 20xx 版本存在安全漏洞,该漏洞源于允许远程攻击者通过 csapp、lab3/buflab-update.pl 组件的 lab3 执行任意代码。
Description
A vuln about csapp.
Readme
# CVE-2024-28515

## Description
Buffer Overflow vulnerability in CSAPP_Lab CSAPP Lab3 15-213 Fall 20xx allows a remote attacker to execute arbitrary code via the lab3 of csapp,lab3/buflab-update.pl component.

## Additional Information
CNVD has completed verification of this vulnerability, but it has not been publicly disclosed because the vulnerability has not been fixed.

## Vulnerability Type
Buffer Overflow

## Vendor of Product
CSAPP_Lab (Lab of CS:APP3e)

## Affected Product Code Base
CSAPP Lab3 - 15-213, Fall 20xx (There's only one version.)

## Affected Component
lab3 of csapp,lab3/buflab-update.pl

## Attack Vectors
If the server deploys lab3 of csapp_lab, an attacker can access a specific URL to execute arbitrary code.

## Discoverer
Yuchao He, Yijie Xun, Jiajia Liu, Yuwei Yang, Bomin Mao, Hongzhi Guo (all discoverers from Northwestern Polytechnical University)

## Reference
- [CSAPP Official Website](http://csapp.com)
- [CSAPP Lab Lab Website](http://csapplablab.com)

For the POC, refer to another file in the same folder.
File Snapshot

 [4.0K]  /data/pocs/457c48803eed3dc6aed93b22d0a000e9db67a6e6
├── [2.8K]  csapp_RCE.md
└── [1.0K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.