Cool #bug 🐞 by @hypr

Can you spot it?

while( (line < (h->req_buf + h->req_buflen)) &&
(h->req_chunklen = strtol(line, &endptr, 16) > 0) &&
(endptr != line) )

chonked pt.1: #minidlna 1.3.2 http chunk parsing heap #overflow (cve-2023-33476) root cause analysis

https://blog.coffinsec.com/0day/2023/05/31/minidlna-heap-overflow-rca.html

first part in a two-part series going over a heap overflow in MiniDLNA, a media server commonly deployed in embedded environments. this post provides a summary and root cause analysis of the vulnerability.

@raptor @hypr I guess req_chunklen is not meant to be a boolean, it is either 0 or 1 but does not contain the chunk length.
@thc yup! :)
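
The precedence issue identified in the replies, as an added example that is not part of the original posts or of MiniDLNA's code. The struct, the int field type, the function names and the max_len cap are assumptions for illustration; only the condition's shape and the name req_chunklen come from the quoted snippet.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the request struct; the int type is an assumption. */
struct req { int req_chunklen; };

/* Same expression shape as the quoted condition: '>' binds tighter than '=',
 * so req_chunklen receives the comparison result (0 or 1), not the length. */
static int parse_as_quoted(struct req *h, const char *line)
{
    char *endptr;
    return (h->req_chunklen = strtol(line, &endptr, 16) > 0) && (endptr != line);
}

/* Assign first, compare second, and bound the value before storing it.
 * max_len is an assumed caller-supplied cap (e.g. bytes left in the buffer). */
static int parse_checked(struct req *h, const char *line, long max_len)
{
    char *endptr;
    long v;

    if (max_len > INT_MAX)
        max_len = INT_MAX;
    errno = 0;
    v = strtol(line, &endptr, 16);
    if (endptr == line || errno == ERANGE || v <= 0 || v > max_len)
        return 0;               /* no digits, overflow, zero/negative, too big */
    h->req_chunklen = (int)v;
    return 1;
}

int main(void)
{
    const char *line = "1f4\r\n";   /* constructed sample: chunk size 0x1f4 = 500 */
    struct req a = {0}, b = {0};

    parse_as_quoted(&a, line);
    parse_checked(&b, line, 4096);
    printf("as quoted: req_chunklen=%d\n", a.req_chunklen);
    printf("checked:   req_chunklen=%d\n", b.req_chunklen);
    return 0;
}
```

Because the quoted form parenthesizes the whole assignment, the usual compiler hint about an assignment used as a truth value does not flag it; the stored 0 or 1 only shows up when the value is compared against the chunk size on the wire.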