CVE-2019-14662

Vulnerability

Brandy BASIC interpreter version 1.20.1 contains a stack-based buffer overflow in the fileio_openout function defined in src/fileio.c at line 502. The function copies a filename into a fixed-size stack buffer when processing an OPENOUT statement, but does not properly validate the length of the input. A crafted BASIC source file with an overly long filename triggers a write beyond the buffer, as demonstrated by the attached bug report [1].

Exploitation

An attacker can exploit this vulnerability by supplying a malicious BASIC source file to the Brandy interpreter. No special privileges or authentication are required; the user only needs to run the interpreter on the crafted file. The provided reproducer causes a stack buffer overflow with a write of 445 bytes, overwriting adjacent stack memory [1].

Impact

Successful exploitation leads to memory corruption, potentially allowing an attacker to cause a denial of service (crash) or achieve arbitrary code execution in the context of the running interpreter. The bug report confirms a stack-buffer-overflow detected by AddressSanitizer [1].

Mitigation

As of the publication date, no official patch has been released for this vulnerability in Brandy 1.20.1. Users are advised to avoid running untrusted BASIC source files until a fix is available. The issue is not currently listed in CISA's Known Exploited Vulnerabilities catalog.