FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

hashcash -- heap overflow vulnerability

Affected packages
hashcash < 1.22

Details

VuXML ID 2be7c122-0614-11db-9156-000e0c2e438a
Discovery 2006-06-27
Entry 2006-06-27

Andreas Seltenreich reports that hashcash is prone to a heap overflow vulnerability. The vulnerability is caused by improper checking of memory allocations within the "array_push()" function. An attacker could trigger it by passing a large number of "-r" or "-j" flags on the command line (this applies only when the application is configured to allow command-line options), or by passing a large number of resource names when the application was started with the "-m" flag set. This could lead to a Denial of Service or could allow remote access to the targeted system.
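The advisory does not show the source of "array_push()". As an added example (not hashcash's code; `str_array`, `str_array_push`, `push_many` and `rejects_wraparound` are hypothetical names), this is a growable-array push with the allocation checks this class of bug calls for: grow before writing, refuse a size that would wrap, and keep the old buffer if realloc fails.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical growable pointer array; names are illustrative, not hashcash's. */
typedef struct {
    char **items;
    size_t count;     /* slots in use */
    size_t capacity;  /* slots allocated */
} str_array;

/* Append one pointer. Returns 0 on success, -1 on failure; on failure
 * the array is left unchanged and still valid. */
int str_array_push(str_array *a, char *item)
{
    if (a->count == a->capacity) {
        size_t new_cap = a->capacity ? a->capacity * 2 : 4;
        /* Reject growth whose slot count or byte size would wrap size_t. */
        if (new_cap <= a->capacity || new_cap > SIZE_MAX / sizeof *a->items)
            return -1;
        /* Keep the old pointer until realloc is known to have succeeded. */
        char **grown = realloc(a->items, new_cap * sizeof *a->items);
        if (grown == NULL)
            return -1;
        a->items = grown;
        a->capacity = new_cap;
    }
    a->items[a->count++] = item;  /* count < capacity holds here */
    return 0;
}

/* Constructed input: push n entries, as n repeated "-r" flags would. */
int push_many(size_t n)
{
    static char name[] = "resource";
    str_array a = {0};
    size_t pushed = 0;
    while (pushed < n && str_array_push(&a, name) == 0)
        pushed++;
    int ok = (pushed == n && a.count == n && a.capacity >= n);
    free(a.items);
    return ok;
}

/* A capacity whose doubling wraps must be refused without touching items. */
int rejects_wraparound(void)
{
    static char name[] = "resource";
    str_array a = { NULL, SIZE_MAX / 2 + 1, SIZE_MAX / 2 + 1 };
    return str_array_push(&a, name) == -1 && a.count == SIZE_MAX / 2 + 1;
}
```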

References

URL http://secunia.com/advisories/20800/
URL http://www.hashcash.org/source/CHANGELOG