关联漏洞
Description
PoC of CVE-2025-60751
介绍
# CVE-2025-60751
PoC for CVE-2025-60751
Affected product: [Geographiclib](https://github.com/geographiclib/geographiclib) <= v2.5.1
The full writeup article is available at [https://zer0matt.github.io/CVE-2025-60751/](https://zer0matt.github.io/CVE-2025-60751/)
### Description
A stack buffer overflow occurs when GeoConvert receives a crafted input.
The overflow occurs because the program does not properly validate an internal index, allowing an out-of-bounds write on the stack.
An attacker can exploit this vulnerability to hijack the program's control flow by overwriting a return address to point to a libc function (ret2libc) and execute arbitrary code using a ROP chain.
### Usage
```
[~] python3 CVE-2025-60751.py
[*] '/home/matt/geographiclib/tools/GeoConvert'
Arch: amd64-64-little
RELRO: Partial RELRO
Stack: No canary found
NX: NX enabled
PIE: PIE enabled
FORTIFY: Enabled
ASAN: Enabled
Stripped: No
Debuginfo: Yes
[+] Starting local process '/home/matt/geographiclib/tools/GeoConvert': pid 398391
[*] Switching to interactive mode
ERROR: Column letter A not in UPS band A set JKLPQRSTUXYZ
$
```
### Notes
Remember to fix the addresses accordingly in order to build your own ROP Chain, addresses can vary due to memory defenses techniques such as ASLR.
文件快照
[4.0K] /data/pocs/d5b32774354d1d4184c52b7fd1cf2b41d08d76cd
├── [ 753] CVE-2025-60751.py
└── [1.3K] README.md
1 directory, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。