Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2009-0689 PoC — OpenBSD缓冲区溢出漏洞

Source
https://github.com/Fullmetal5/str2hax
Associated Vulnerability
Title:OpenBSD缓冲区溢出漏洞 (CVE-2009-0689)
Description:Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
Description
An implementation of CVE-2009-0689 for the Nintendo Wii.
File Snapshot

 [4.0K]  /data/pocs/5546878ab850fbd806375e9e48f380c650e0fa1f
├── [2.1K]  chain_builder.c
├── [1.2K]  create.sh
├── [ 179]  htaccess_handler
├── [  55]  htaccess_redirect
├── [1.5K]  index.html
├── [ 34K]  LICENSE
├── [4.0K]  loader
│   ├── [2.5K]  console.c
│   ├── [ 687]  crt0.s
│   ├── [1.1K]  elf.c
│   ├── [ 723]  exception_2200.s
│   ├── [1.3K]  exception.c
│   ├── [ 943]  font2c.pl
│   ├── [5.5K]  font.png
│   ├── [ 68K]  font.ppm
│   ├── [4.6K]  ios.c
│   ├── [3.9K]  loader.h
│   ├── [ 560]  loader.lds
│   ├── [4.7K]  main.c
│   ├── [1.5K]  Makefile
│   ├── [ 973]  string.c
│   ├── [ 871]  sync.c
│   ├── [ 615]  time.c
│   ├── [ 23K]  tinfl.c
│   └── [3.4K]  video.c
├── [ 322]  loaderstub.lds
├── [ 837]  loaderstub.s
├── [3.2K]  multi_tool.c
├── [4.0K]  payload
│   ├── [1004]  convert_payload.c
│   ├── [ 378]  make_it.sh
│   ├── [1.5K]  pack_payload.c
│   └── [6.2K]  zpipe.c
└── [9.5K]  rd.png

2 directories, 32 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →