BufferOverflow in arnoldaldrin/binaries


Reported on

Aug 29th 2022


Buffer overflow is most commonly found in languages such as C and C++, where the size of a buffer must be fixed in advance. The program calls the gets() function, which does not check that the input fits the buffer it is written into. As a result, it is possible to intentionally or unintentionally store more data in the buffer than it can hold, which causes a stack-based overflow.

Vulnerable code:

#include <stdio.h>
int main() {
    int n, j, i;
    printf("Enter the no. of processes:");
    /* the report's excerpt ends here; the unbounded gets() read follows in the original */
}

Proof of Concept

python -c 'print("A"*5000)' | ./fcfs

Result: Segmentation fault (core dumped)


  1. Arbitrary code execution and elevation of privilege

  2. DoS (Denial of Service)
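A bounded replacement for the gets() read, added here as an example rather than code from the arnoldaldrin/binaries repository; the 64-byte line buffer and the 100-process ceiling are assumed values. Fed the 5000-byte PoC line, it keeps 63 bytes, discards the rest of the line, and rejects the input instead of writing past the buffer.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define LINE_MAX_LEN 64   /* assumed size of the input line buffer */
#define MAX_PROCESSES 100 /* assumed upper bound on the process count */

/* Bounded stand-in for gets(): keeps at most size-1 bytes in buf, strips
 * the newline and discards the rest of an over-long line. Returns bytes
 * kept or -1 on EOF/error; *truncated is set to 1 if input was cut. */
int read_line_bounded(char *buf, size_t size, FILE *in, int *truncated)
{
    *truncated = 0;
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[--len] = '\0';
    } else {
        /* No newline: line exceeded the buffer or the file ended. Every
         * byte drained here is one gets() would have written past buf. */
        int c;
        while ((c = fgetc(in)) != EOF && c != '\n')
            *truncated = 1;
    }
    return (int)len;
}

/* Reads the answer to the "Enter the no. of processes:" prompt with a
 * bounded read and strict integer parse; -1 means reject the input. */
int read_process_count(FILE *in)
{
    char line[LINE_MAX_LEN];
    int truncated;
    if (read_line_bounded(line, sizeof line, in, &truncated) < 0 || truncated)
        return -1;
    char *end; errno = 0;
    long v = strtol(line, &end, 10);
    if (errno != 0 || end == line || *end != '\0' || v < 1 || v > MAX_PROCESSES)
        return -1;
    return (int)v;
}

int main(void)
{
    printf("Enter the no. of processes:");
    int n = read_process_count(stdin);
    if (n < 0) { fputs("rejected: invalid or over-long input\n", stderr); return 1; }
    printf("accepted n = %d\n", n);
    return 0;
}
```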


Arnold Aldrin gave praise 2 years ago
Arnold Aldrin validated this vulnerability 2 years ago
7h3h4ckv157 has been awarded the disclosure bounty
Arnold Aldrin marked this as fixed in 1 with commit be8e7c 2 years ago
FCFS.c#L6 has been validated