CVE-2023-52339: Python Like Custom Buffer Realloc Overflow

Provally Curated | Public repository | High | Medium confidence | Verified | Apache-2.0 | C++ | β
greprules fetch cve-2023-52339-python-like-custom-buffer-realloc-overflow --engine opengrep

Description

Missing integer overflow check before computing `$POS + $SIZE` for the memory reallocation bounds check. If an attacker controls `$SIZE`, the addition can overflow and bypass the bounds check `$CAPACITY < $POS + $SIZE`. This causes `$ALLOC` to allocate a buffer smaller than expected, leading to a heap buffer overflow.
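
The pattern described above next to a hardened form, as an added example that is not taken from the rule or from any affected project. The `Buffer` type, the function names and the sample values are hypothetical; in this variant the wrapped sum makes the check pass, so no growth happens before the caller writes.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <limits>

// Hypothetical growable write buffer; all names here are illustrative.
struct Buffer {
    unsigned char *data = nullptr;
    size_t pos = 0;       // bytes already written ($POS)
    size_t capacity = 0;  // bytes allocated ($CAPACITY)
};

// Flagged pattern: pos + size is computed without an overflow check.
// For a huge size the sum wraps past SIZE_MAX to a small value, so the
// comparison reports "enough room" and the caller's write would run
// past the end of the allocation.
bool ensure_unchecked(Buffer &b, size_t size) {
    if (b.capacity < b.pos + size) {
        size_t new_cap = b.pos + size;
        void *p = std::realloc(b.data, new_cap);
        if (!p) return false;
        b.data = static_cast<unsigned char *>(p);
        b.capacity = new_cap;
    }
    return true;  // caller is told it may write `size` bytes at data + pos
}

// Hardened form: reject the request before the addition can wrap.
bool ensure_checked(Buffer &b, size_t size) {
    if (size > std::numeric_limits<size_t>::max() - b.pos) return false;
    size_t need = b.pos + size;  // cannot overflow after the check above
    if (b.capacity < need) {
        void *p = std::realloc(b.data, need);
        if (!p) return false;
        b.data = static_cast<unsigned char *>(p);
        b.capacity = need;
    }
    return true;
}

int main() {
    Buffer b;
    ensure_checked(b, 64);  // constructed state: 64-byte buffer
    b.pos = 16;             // 16 bytes already written
    size_t huge = std::numeric_limits<size_t>::max() - 8;  // constructed input
    std::printf("unchecked accepts: %d\n", ensure_unchecked(b, huge));
    std::printf("checked accepts:   %d\n", ensure_checked(b, huge));
    std::free(b.data);
    return 0;
}
```

Neither function writes to the buffer, so the example only shows which requests each check accepts.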