SWI-Prolog "canoniseFileName()" and "expand()" Buffer Overflow Vulnerabilities
Release Date: 2013-01-04
Criticality level: Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: SWI-Prolog 6.x
Two vulnerabilities have been reported in SWI-Prolog, which can be exploited by malicious people to potentially compromise a vulnerable system.
1) An error within the "canoniseFileName()" function (os/pl-os.c) when handling path canonisation can be exploited to cause a stack-based buffer overflow.
2) An error within the "expand()" function (os/pl-glob.c) when expanding file names can be exploited to cause a stack-based buffer overflow.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
The vulnerabilities are reported in versions prior to 6.2.5.
Update to version 6.2.5.
Provided and/or discovered by:
Reported by the vendor.