Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
alanfranz 5 hours ago

I’ll answer to myself: an RCE is very unlikely on any modern platform. DoS is possible.

“ Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution.”

From: https://openssl-library.org/news/secadv/20260127.txt

b1temy 5 hours ago | parent | next [-]

The link in the HN submission contains the same text and excerpt from your link.

Additionally they note: -

"While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk."

IMO, probably in of itself, this alone is not able to do much besides maybe a crash / Denial of Service on modern systems. But it might be able to be used as part of a more advanced exploit chain, alongside other vulnerabilities, to potentially reach remote code execution, though this would be a much more sophisticated exploit and is maybe a bit of a reach. Still, I hesitate to call it impossible on modern systems due to the creativity of exploit developers.

JohnLeitch 4 hours ago | parent | next [-]

> though this would be a much more sophisticated exploit and is maybe a bit of a reach.

Not necessarily. I have successfully exploited stack buffer overflows in major products despite stack canaries, ASLR, and DEP. It largely depends on context; if the vector is something that can be hit repeatedly, such a webform that that takes a cert or whatever, that simplifies things a lot versus something like a file format exploit, where you probably only get one chance. While I haven't analyzed this vulnerability, I would absolutely assume exploitability even if I couldn't see a way myself.

alanfranz 5 hours ago | parent | prev [-]

You are right. I linked a differently formatted article with the same content. I don’t know why I didn’t initially notice such text.

woodruffw 5 hours ago | parent | prev [-]

"Modern platform" is doing a lot of lifting; CMS and PKCS#7 rear their heads in all kinds of random places, like encryption/signing of OTA updates for routers. Those platforms are often (unreasonably) 10-20 years behind the norm for compile-time mitigations.