[CVE-2020-26800] Stack based buffer overflow while parsing JSON file

[Cr0wTom]

Short description

Stack based buffer overflow while parsing JSON file Leads to DoS

Attack scenario

An attacker can supply a specially crafted config.json file, consisting of 3764 left square brackets or more, which results in segmentation fault by the application. This immediately results in Denial of Service, and with more advanced exploitation it can have further implications, with higher severity security issues.

Components

Aleth 1.8.0

Reproduction

Create a .json file consisting of 3764 left square brackets ([) or more. Run it using the following command; ./aleth --config followed by the .json file created earlier.

The stack overflow can be examined with gdb (set args --config ./test.json) or with valgrind (valgrind ./aleth --config ./test3.json).

I submitted this bug in the bug bounty program in Oct 05, 2020, but that kind of vulnerabilities are out of scope. As there was no intention to publish the vulnerability and issue a fix after 3 months I responsibly disclose the vulnerability with the intention to help the security team to fix the issue or mark the application as EOL if that's the case. As I didn't manage to properly compile the app with my fuzzers compiler I could use some insights on where the parser of the config file is.

In any case, I would be happy to help and assist with the issue.

Edit/Update: Github Issue creation for the issue has been approved.

Edit/Update 2: CVE has been issued. I will update once it is public.

Edit/Update 3: CVE has been published: https://nvd.nist.gov/vuln/detail/CVE-2020-26800

[OS-WS]

Hi, was this issue ever addressed?

[Cr0wTom]

Hi, was this issue ever addressed?

Hello, as far as i understand the project is dead and I don't believe that a fix is planned.