Security vulnerabilities and automated fixes for sprintf issues
8 posts found
A critical buffer overflow vulnerability was discovered in the OpenCC C library's configuration reader, where an unbounded `sprintf()` call could allow attackers to overflow a fixed-size buffer by supplying malformed configuration files with excessively long path components. The fix replaces `sprintf()` with `snprintf()` and adds proper line-length validation to prevent memory corruption attacks. Left unpatched, this vulnerability could have allowed attackers to overwrite return addresses and fu
A series of unbounded `sprintf()` calls in `src/mainmenu.c` created a realistic buffer overflow attack chain, allowing an attacker to craft a malicious campaign file that triggers arbitrary code execution when loaded by a victim. The fix replaces each unsafe `sprintf()` with `snprintf()`, enforcing strict buffer size limits and eliminating the overflow conditions. Because campaign files are routinely shared in game communities, this vulnerability required no special access and posed a significan
A critical buffer overflow vulnerability was discovered and patched in `universe/command.c`, where four unbounded `sprintf` calls allowed attacker-controlled strings from simulation save files to overflow a fixed-size stack buffer. Left unpatched, this flaw could enable arbitrary code execution by anyone who could craft a malicious save file. The fix replaces dangerous `sprintf` calls with bounded alternatives, closing the door on a classic but still devastatingly effective class of memory corru
A critical stack buffer overflow vulnerability was discovered and patched in count.c, where unsafe sprintf() calls wrote into fixed-size stack buffers without bounds checking, potentially allowing attackers to overwrite the stack and achieve arbitrary code execution. This fix eliminates a classic but dangerous class of memory corruption bugs that has plagued C programs for decades. Understanding how this vulnerability works — and how to prevent it — is essential knowledge for any developer worki
A critical stack buffer overflow vulnerability was discovered and patched in vzic-parse.c, where unbounded sprintf() calls constructed file paths from timezone data fields into fixed-size stack buffers without any length validation. An attacker supplying a malicious timezone data file could overflow the stack buffer, overwrite the return address, and achieve arbitrary code execution. This fix serves as a timely reminder of why safe string-handling functions are non-negotiable in C code.
A critical stack-based buffer overflow vulnerability was discovered and patched in `src/mapscale.c`, where five unbounded `sprintf` calls wrote formatted output into fixed-size stack buffers without any bounds checking. An attacker controlling unit text strings could overflow the stack buffer, potentially overwriting the function return address and achieving arbitrary code execution. The fix replaces dangerous `sprintf` calls with their bounds-checked counterparts, eliminating the overflow risk
A critical stack buffer overflow vulnerability was discovered and patched in HardInfo2's cpu_util.c, where six unbounded sprintf() calls wrote locale-translated CPU topology labels into fixed-size stack buffers without length constraints. An attacker supplying a crafted translation file could overflow the stack buffer, overwrite saved return addresses, and potentially achieve arbitrary code execution. The fix replaces these dangerous calls with length-bounded alternatives, eliminating the overfl
A critical buffer overflow vulnerability was discovered and patched in `cdrom_image_viso.c`, where three unbounded `sprintf()` calls could write past the boundaries of fixed-size buffers, corrupting stack frames and heap metadata. This type of vulnerability is a classic avenue for attackers to achieve arbitrary code execution or crash a system entirely. The fix replaces unsafe formatting calls with size-bounded alternatives, closing the door on a potentially devastating exploit path.