CVE-2025-5297
Stack-based buffer overflow in SourceCodester Computer Store 1.0
Overview
The SourceCodester Computer Store System suffers from a critical stack-based buffer overflow vulnerability in version 1.0. In the 'Add' function of the 'main.c' file, manipulation of specific arguments can trigger this vulnerability.
Technical Details
The vulnerability exists in the 'laptopcompany/RAM/Processor' argument of the 'Add' function in 'main.c'. This leads to a critical stack-based buffer overflow vulnerability. This vulnerability can be exploited locally.
CVSS Metrics
- CVSS Version: 3.1
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
- BaseScore: 5.3
- Severity: Medium
Impact
A successful exploit could allow an attacker to overflow the stack buffer of the application, potentially leading to arbitrary code execution, denial of service, and unauthorized disclosure of information.
Recommendations
Upgrade to the latest version of the SourceCodester Computer Store System. Implement a robust input validation mechanism. Limit and monitor the privileges of system applications.
Threat Metrics
- cvss_score: 5.3
- severity: Medium
- attack_vector: Local
- attack_complexity: Low