Heap-Buffer-Overflow Vulnerability in Creolabs Gravity Version 1.0

Heap-Buffer-Overflow Vulnerability in Creolabs Gravity Version 1.0

CVE-2017-1000173 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. By creating a large loop whiling pushing data to a buffer, we can break out of the bounds checking of that buffer. When list.join is called on the data it will read past a buffer resulting in a Heap-Buffer-Overflow.

Learn more about our Web Application Penetration Testing UK.