An attacker could exploit this vulnerability by constructing a malicious expression that would cause PicoC to execute a specially crafted string. PicoC is distributed with the following default expressions: 1) expr.expr2() 2) DescriptiveString.desc3() 3) Calculate.Calc(expr) 4) expr2.expr2() 5) DescriptiveString.desc6() 6) Calculate.Calc(expr2) 7) DescriptiveString.desc7() 8) Calculate.Calc(desc) 9) DescriptiveString.desc9() 10) DescriptiveString.desc10() 11) DescriptiveString.desc11() 12) DescriptiveString.desc12() 13) DescriptiveString.desc13() 14) DescriptiveString.desc14() 15) DescriptiveString.desc15() 16) DescriptiveString.desc16() 17) DescriptiveString.desc17() 18) DescriptiveString.desc18() 19) DescriptiveString.desc19() 20) DescriptiveString.desc20() 21) DescriptiveString.desc21() 22) DescriptiveString.desc22() 23) DescriptiveString.desc23() 24) DescriptiveString.desc24() 25) DescriptiveString.desc25() 26) DescriptiveString.desc26() 27) DescriptiveString.desc27
Vulnerability details
This vulnerability could be exploited remotely.
Solution
To fix this vulnerability, the "expr" content type should be restricted to only allow expressions that do not contain any of the above expressions.
Vulnerability Symptoms and Signs
The vulnerability could potentially allow an attacker to execute code on the device and cause arbitrary memory corruption.
The following are common indicators of the vulnerability: 1) A program crashes or closes unexpectedly 2) The application hangs or becomes unresponsive 3) The application does not respond when expected 4) The device does not boot properly 5) Malicious data is sent to the host 6) Malicious data is received from the host 7) System Integrity Protection is disabled
Vulnerability Mitigation
An attacker could exploit this vulnerability by constructing a malicious expression that would cause PicoC to execute a specially crafted string. The following expressions are vulnerable: 1) expr.expr2() 2) DescriptiveString.desc3() 3) Calculate.Calc(expr) 4) expr2.expr2() 5) DescriptiveString.desc6() 6) Calculate.Calc(expr2) 7) DescriptiveString.desc7() 8) Calculate.Calc(desc) 9) DescriptiveString.desc9() 10) DescriptiveString.desc10() 11-27
PicoC is distributed with the following default expressions: 1-27
Timeline
Published on: 11/08/2022 15:15:00 UTC
Last modified on: 11/08/2022 21:56:00 UTC