Buffer Overflow Vulnerabilities in KiTTY Start Duplicated Session Hostname (CVE-2024-25003) & Username (CVE-2024-25004)

We discussed this vulnerability during Episode 244 on 20 February 2024

A traditional unbounded strcpy, this one is a bit fun because its happening as a server you are connecting to printing a vulnerable ANSI escape code and arguments.

the command __dt is meant to duplicate a terminal session it will allocate a host and user character arrays on the stack, then strcpy values from the ASNI escape sequence into it. As those are attacker controlled values they can overflow the allocated buffers.