joltup / rn-fetch-blob

A project committed to making file access and data transfer easier, efficient for React Native developers.
MIT License

Security risk #760

Open KennyGoi opened 2 years ago

KennyGoi commented 2 years ago

Affected files: `rn-fetch-blob/ios/RNFetchBlobFS.m` 591: `int digestLength = [[keysToDigestLengths objectForKey:algorithm] intValue];`

`rn-fetch-blob/ios/RNFetchBlobFS.m` 597: `unsigned char buffer[digestLength];`

Risks: An attacker specifies a large number where the program is expecting signed numbers, and the program interprets it as a negative number. The program checks if the buffer size is not too big, and the test passes. Then the program allocates a buffer of that size, causing the memory allocation to fail or causing a heap overflow if the allocation succeeds. For more information see section "Avoiding Integer Overflows and Underflows" in the "Apple Secure Coding Guide" document: https://developer.apple.com/library/ios/documentation/Security/Conceptual/SecureCodingGuide/

If the size of a buffer is calculated using data supplied by the user, there is the potential for a malicious user to enter a number that is too large for the integer data type, which can cause program crashes and other problems.

Affected files: `rn-fetch-blob/scripts/prelink.js` 7: `var package = JSON.parse(fs.readFileSync(PACKAGE_JSON));`

`rn-fetch-blob/scripts/prelink.js` 62: `return parseFloat(/\d\.\d+(?=\.)/.exec(package.dependencies['react-native']));`

Risks: The application performs some action by creating and running code that includes untrusted data, which might be under control of a malicious user. If the data contains malicious code, the executed code could contain system-level activities engineered by an attacker, as though the attacker were running code directly on the application server.

An attacker could run arbitrary code on the application server host. Depending on the application's OS permissions, these could include:
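The size-check hazard described in the report, as an added C example (not rn-fetch-blob's code and not the actual logic of RNFetchBlobFS.m): a signed upper-bound check that passes for a value that wrapped negative, beside a hardened check that also rejects non-positive sizes, plus an algorithm-name lookup into fixed digest lengths and a fixed-size output buffer in place of a variable-length array. The lookup table, the function names and the zero-fill standing in for a real hash computation are assumptions.

```c
#include <stddef.h>
#include <stdbool.h>
#include <string.h>

/* Standard digest output sizes in bytes; the largest one bounds the buffer. */
#define MAX_DIGEST_LENGTH 64 /* SHA-512 */

static const struct { const char *name; size_t length; } digest_table[] = {
    {"md5", 16}, {"sha1", 20}, {"sha224", 28},
    {"sha256", 32}, {"sha384", 48}, {"sha512", 64},
};

/* Weak pattern from the report: only the upper bound is checked, so a large
   value that wrapped to a negative int passes and later sizes a buffer. */
bool size_ok_signed(int requested, int max) {
    return requested <= max; /* true for INT_MIN */
}

/* Hardened check: a size must be strictly positive and within the bound. */
bool size_ok_hardened(long requested, size_t max) {
    return requested > 0 && (size_t)requested <= max;
}

/* Hardened lookup: an unknown algorithm yields 0, never a buffer size
   derived from data the caller did not expect. */
size_t digest_length_for(const char *algorithm) {
    if (algorithm == NULL) return 0;
    for (size_t i = 0; i < sizeof digest_table / sizeof digest_table[0]; i++) {
        if (strcmp(digest_table[i].name, algorithm) == 0)
            return digest_table[i].length;
    }
    return 0;
}

/* Uses a caller-provided fixed buffer instead of a VLA sized at runtime.
   Hypothetical: the digest bytes are zeroed in place of a real hash. */
size_t prepare_digest_buffer(const char *algorithm,
                             unsigned char out[MAX_DIGEST_LENGTH]) {
    size_t len = digest_length_for(algorithm);
    if (!size_ok_hardened((long)len, MAX_DIGEST_LENGTH)) return 0;
    memset(out, 0, len);
    return len;
}

/* Convenience wrapper: returns the digest length produced for an algorithm. */
size_t prepared_length(const char *algorithm) {
    unsigned char buf[MAX_DIGEST_LENGTH];
    return prepare_digest_buffer(algorithm, buf);
}
```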

sdandois commented 2 years ago

You may also contact the maintainer of this project: https://github.com/RonRadtke/react-native-blob-util.