VYPR
High severity · NVD Advisory · Published Dec 17, 2021 · Updated Aug 4, 2024

CVE-2021-41499

Description

Buffer Overflow Vulnerability exists in ajaxsoundstudio.com Pyo < 1.03 in the Server_debug function, which allows remote attackers to conduct DoS attacks by deliberately passing on an overlong audio file name.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Buffer overflow in pyo <1.03 Server_debug allows remote DoS via overlong audio filename.

Vulnerability

A buffer overflow vulnerability exists in pyo versions prior to 1.03 in the Server_debug function within servermodule.c. When debug mode is enabled (verbosity bit 8), the function uses vsprintf to write a formatted string into a fixed 256-byte stack buffer without any length check. An overlong audio file name passed from external modules can overflow this buffer, leading to memory corruption. [1][3]
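
The pattern described above, as an added C example (not pyo's source and not the project's patch): an unbounded `vsprintf` into a 256-byte stack buffer beside a bounded `vsnprintf` form that flags truncation. The function names, the format string, and the reading of "verbosity bit 8" as mask value 8 are assumptions.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define DEBUG_BUF_SIZE 256 /* buffer size given in the advisory */
#define VERB_DEBUG 8       /* assumed mask for "verbosity bit 8" */

/* Vulnerable shape: vsprintf cannot know the buffer is only 256 bytes. */
void debug_unbounded(int verbosity, const char *fmt, ...)
{
    char buffer[DEBUG_BUF_SIZE];
    va_list ap;
    if (!(verbosity & VERB_DEBUG))
        return;
    va_start(ap, fmt);
    vsprintf(buffer, fmt, ap); /* overruns the stack buffer on long input */
    va_end(ap);
    fprintf(stderr, "%s", buffer);
}

/* Bounded shape: returns bytes stored (at most 255) and flags truncation. */
size_t debug_bounded(int verbosity, int *truncated, const char *fmt, ...)
{
    char buffer[DEBUG_BUF_SIZE];
    va_list ap;
    int needed;
    *truncated = 0;
    if (!(verbosity & VERB_DEBUG))
        return 0;
    va_start(ap, fmt);
    needed = vsnprintf(buffer, sizeof buffer, fmt, ap);
    va_end(ap);
    if (needed < 0)
        return 0; /* formatting error: log nothing */
    *truncated = (size_t)needed >= sizeof buffer;
    fprintf(stderr, "%s%s\n", buffer, *truncated ? " [truncated]" : "");
    return strlen(buffer);
}

int main(void)
{
    char name[1001]; /* constructed overlong file name */
    int cut;
    memset(name, 'A', 1000);
    name[1000] = '\0';
    size_t n = debug_bounded(VERB_DEBUG, &cut, "recording to %s", name);
    printf("stored=%zu truncated=%d\n", n, cut);
    return 0;
}
```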

Exploitation

An attacker with network access can trigger the vulnerability by sending a crafted audio file name to the Server_start_rec_internal function via the recstart Python command. Debug mode must be active for the vulnerable code path to be reached. No authentication or special privileges are required. [3]

Impact

Successful exploitation results in a stack buffer overflow, causing a denial of service (DoS) by crashing the pyo application. The overflow may also corrupt adjacent memory, but the primary impact is service disruption. [1]

Mitigation

Upgrade to pyo version 1.03 or later, which contains the fix. If upgrading is not immediately possible, disable debug mode (clear verbosity bit 8) to avoid triggering the vulnerable code path. No other workarounds are documented. [1][2]

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| pyo (PyPI) | < 1.0.3 | 1.0.3 |
