This would lead to arbitrary code execution in the context of the running PHP interpreter if a user were tricked into opening a specially crafted file. An attacker would have to convince a user to open a malicious file with a web application that provides functionality to open file types.
PicoC Version 3.2.2 was discovered to contain a stack buffer overflow in the StdioOutPutc function in cstdlib/stdio.c when called from ExpressionParseFunctionCall.
An attacker could trigger this flaw by presenting a user with a specially crafted file that can be opened by a web application. This could lead to arbitrary code execution in the context of the running PHP interpreter.
PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioOutPutc function in cstdlib/stdio.c when called from ExpressionParseFunctionCall.
An attacker could trigger this flaw by presenting a user with a specially crafted file that can be opened by a web application. This could lead to arbitrary code execution in the context of the running PHP interpreter.
PicoC Version 3.2.2 was discovered to contain a NULL pointer dereference in the ExpressionParser function in ExpressionParser.c when called from ExpressionParseFunctionCall.
An attacker could trigger this flaw by presenting a user with a specially crafted file that can be opened by a web application. This could lead to arbitrary code execution
PicoC 3.3.0 - Version 3.3.0 and prior
, 3.2.2 - Version 3.2.2 and prior, 3.1.4 - Version 3.1.4 and prior: These vulnerabilities affect PicoC versions 3.3.0, 3.2.2, and 3.1.4
PicoC 3.3.0, 3.2.2, and 3.1.4 were discovered to contain a heap buffer overflow in the StdioOutPutc function in cstdlib/stdio.c when called from ExpressionParseFunctionCall that may be exploited by an attacker who can provide a specially crafted file to a user of a web application that provides functionality to open file types through the use of ExpressionParser function in ExpressionParser which could lead to arbitrary code execution in the context of the running PHP interpreter if a user were tricked into opening a malicious file with the application
PicoC version 4.0.0 contained a stack buffer overflow in the StdioOutPutc function in cstdlib/stdio.c when called from ExpressionParseFunctionCall.
An attacker could trigger this flaw by presenting a user with a specially crafted file that can be opened by a web application. This could lead to arbitrary code execution in the context of the running PHP interpreter.
Timeline
Published on: 11/08/2022 15:15:00 UTC
Last modified on: 11/08/2022 21:56:00 UTC