7 lines
No EOL
748 B
Text
7 lines
No EOL
748 B
Text
source: https://www.securityfocus.com/bid/13463/info
|
|
|
|
The Mtp-Target server is prone to a memory corruption vulnerability. The issue exists because a comparison fails to ensure that an integer value parameter retrieved from a client is signed. A check is made to ensure that the user-supplied value is less than 1000000 bytes. If the value passed is FFFFFFFFh, it is interpreted as a signed -1 and the check passes. The value is later used as an unsigned integer in a memory allocation operation. An allocation of 4.29 GB of data is attempted and the service crashes.
|
|
|
|
Immediate consequences of exploitation of this vulnerability are a denial of service.
|
|
|
|
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/25584.zip |