CVE-2022-44317 PicoC 3.2.2 had a buffer overflow in StdioOutPutc function in cstdlib/stdio.c when called from ExpressionParseFunctionCall.

CVE-2022-44317 PicoC 3.2.2 had a buffer overflow in StdioOutPutc function in cstdlib/stdio.c when called from ExpressionParseFunctionCall.

This would lead to arbitrary code execution in the context of the running PHP interpreter if a user were tricked into opening a specially crafted file. An attacker would have to convince a user to open a malicious file with a web application that provides functionality to open file types.

PicoC Version 3.2.2 was discovered to contain a stack buffer overflow in the StdioOutPutc function in cstdlib/stdio.c when called from ExpressionParseFunctionCall.

An attacker could trigger this flaw by presenting a user with a specially crafted file that can be opened by a web application. This could lead to arbitrary code execution in the context of the running PHP interpreter.

PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioOutPutc function in cstdlib/stdio.c when called from ExpressionParseFunctionCall.

An attacker could trigger this flaw by presenting a user with a specially crafted file that can be opened by a web application. This could lead to arbitrary code execution in the context of the running PHP interpreter.

PicoC Version 3.2.2 was discovered to contain a NULL pointer dereference in the ExpressionParser function in ExpressionParser.c when called from ExpressionParseFunctionCall.

An attacker could trigger this flaw by presenting a user with a specially crafted file that can be opened by a web application. This could lead to arbitrary code execution

PicoC 3.3.0 - Version 3.3.0 and prior

, 3.2.2 - Version 3.2.2 and prior, 3.1.4 - Version 3.1.4 and prior: These vulnerabilities affect PicoC versions 3.3.0, 3.2.2, and 3.1.4

PicoC 3.3.0, 3.2.2, and 3.1.4 were discovered to contain a heap buffer overflow in the StdioOutPutc function in cstdlib/stdio.c when called from ExpressionParseFunctionCall that may be exploited by an attacker who can provide a specially crafted file to a user of a web application that provides functionality to open file types through the use of ExpressionParser function in ExpressionParser which could lead to arbitrary code execution in the context of the running PHP interpreter if a user were tricked into opening a malicious file with the application

PicoC version 4.0.0 contained a stack buffer overflow in the StdioOutPutc function in cstdlib/stdio.c when called from ExpressionParseFunctionCall.


An attacker could trigger this flaw by presenting a user with a specially crafted file that can be opened by a web application. This could lead to arbitrary code execution in the context of the running PHP interpreter.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe