Overview

Vulnerability Details


The function sub_41D354() parses HTTP headers. When it handles the 'soapaction' header, it copies the header value directly to 0x589A94 without checking the string length, which can result in an out-of-bounds write.

This allows an unauthorized attacker to cause a denial of service (DoS) and possibly achieve remote code execution.
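
A bounded version of the copy described above, as an added example that is not code from the affected firmware. `store_soapaction`, `g_soapaction`, the 256-byte `SOAPACTION_MAX` and the return codes are assumptions, since the page gives only the destination address 0x589A94 and not the buffer's size.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

#define SOAPACTION_MAX 256                /* assumed size; the page does not state the real one */
static char g_soapaction[SOAPACTION_MAX]; /* stands in for the fixed buffer at 0x589A94 */

/* Return codes for the hypothetical handler below. */
enum { HDR_OK = 0, HDR_ABSENT = 1, HDR_TOO_LONG = -1, HDR_MALFORMED = -2 };

/*
 * Scan the header block of a NUL-terminated request for "SOAPAction:" and
 * store its value. The flawed pattern is an unchecked copy whose length is
 * driven entirely by the request; here the value is measured first and the
 * request is rejected when it does not fit, terminator included.
 */
int store_soapaction(const char *req)
{
    static const char name[] = "soapaction:";
    const size_t name_len = sizeof(name) - 1;
    const char *line = strstr(req, "\r\n");      /* end of the request line */

    if (line == NULL)
        return HDR_MALFORMED;
    for (line += 2; *line != '\0'; ) {
        const char *eol = strstr(line, "\r\n");
        if (eol == NULL)
            return HDR_MALFORMED;                /* unterminated header line */
        if (eol == line)
            return HDR_ABSENT;                   /* blank line: end of headers */
        if ((size_t)(eol - line) >= name_len &&
            strncasecmp(line, name, name_len) == 0) {
            const char *val = line + name_len;
            while (val < eol && (*val == ' ' || *val == '\t'))
                val++;                           /* optional whitespace after ':' */
            size_t val_len = (size_t)(eol - val);
            if (val_len >= sizeof(g_soapaction))
                return HDR_TOO_LONG;             /* reject; do not truncate or overflow */
            memcpy(g_soapaction, val, val_len);
            g_soapaction[val_len] = '\0';
            return HDR_OK;
        }
        line = eol + 2;
    }
    return HDR_MALFORMED;                        /* input ended before the blank line */
}
```

A caller would answer `HDR_TOO_LONG` with an HTTP 4xx response and log the header length, which also gives detection a signal for oversized SOAPAction values.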

POC

buf = b'POST / HTTP/1.1\r\nContent-length: 1\r\nSOAPACTION: ' + b'A'*0x500 + b"\r\n\r\nA"
