Existence of Stack Overflow Vulnerabilities in Well-known Open Source Projects

TL;DR

This paper investigates the presence of stack overflow vulnerabilities in well-known open source projects, highlighting how such vulnerabilities can be exploited and emphasizing the importance of avoiding insecure coding practices.

Contribution

It reveals the existence of stack overflow vulnerabilities in major open source projects and discusses their potential security implications.

Findings

Many open source projects contain stack overflow vulnerabilities.

Such vulnerabilities can be exploited to inject malicious code.

The paper emphasizes the need for secure coding practices.

Abstract

A stack overflow occurs when a program or process tries to store more data in a buffer (or stack) than it was intended to hold. If the affected program is running with special privileges or accepts data from untrusted network hosts (e.g. a web-server), then it is a potential security vulnerability. Overflowing a stack, an attacker can corrupt the stack in such a way as to inject executable code into the running program and take control of the process. This is one of the easiest and more reliable methods for attackers to gain unauthorized access to a computer. In this paper, we show that how stack overflow occurs and many open source projects, such as - Linux, Git, PHP, etc. contain such code portions in which it is possible to overflow the stacks as well as inject malicious script to harm the normal execution of the processes. In addition, this paper raises a concern to avoid writing such codes those are potentially sources for stack overflow attack.