Buffer overflow in shell history

Description

The vulnerability mentioned below can be triggered by entering the "history" command in the shell after introducing the two large buffers as well. The steps to reproduce are as follows:

1. Launch Zephyr OS in QEMU.
2. Enter 150 "A"s into the terminal. Press Enter.
3. Enter 234 "A"s into the terminal. Press Enter.
4. Issue the "history" command in the shell environment.
5. OS crashes.

This enables the vulnerability to be exploited remotely on Zephyr OS hosts with telnet enabled.

Split from

Environment

None

Assignee

David Brown

Reporter

dubfr33

Labels

None

Authorized viewers

None

CVE

CVE-2017-14202

Embargo Lift

None

Fix versions

Affects versions

Priority

Medium
Configure