Existence of Stack Overflow Vulnerabilities in Well-known Open Source Projects
This highlights critical security risks in foundational software, potentially affecting millions of users and systems reliant on these projects.
The paper identifies stack overflow vulnerabilities in widely-used open source projects like Linux, Git, and PHP, demonstrating how these can be exploited to inject malicious code and compromise systems.
A stack overflow occurs when a program or process tries to store more data in a buffer (or stack) than it was intended to hold. If the affected program is running with special privileges or accepts data from untrusted network hosts (e.g. a web-server), then it is a potential security vulnerability. Overflowing a stack, an attacker can corrupt the stack in such a way as to inject executable code into the running program and take control of the process. This is one of the easiest and more reliable methods for attackers to gain unauthorized access to a computer. In this paper, we show that how stack overflow occurs and many open source projects, such as - Linux, Git, PHP, etc. contain such code portions in which it is possible to overflow the stacks as well as inject malicious script to harm the normal execution of the processes. In addition, this paper raises a concern to avoid writing such codes those are potentially sources for stack overflow attack.