Original Post: Buffer Overflow Vulnerabilities in KiTTY Start Duplicated Session Hostname (CVE-2024-25003) & Username (CVE-2024-25004)
This vulnerability was analyzed during Episode 244 on 20 February 2024
A traditional unbounded strcpy; this one is a bit fun because it happens when a server you are connecting to prints a vulnerable ANSI escape code with attacker-chosen arguments.
The __dt command is meant to duplicate a terminal session: it allocates host and user character arrays on the stack, then strcpy's the values from the ANSI escape sequence into them. Since those values are attacker controlled, they can overflow the allocated buffers.
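As an added illustration (not KiTTY's code; the buffer sizes, function names and the split into separate host/user arguments are assumptions), the unbounded copy pattern beside a bounded version that rejects oversized fields instead of truncating them:

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical buffer sizes; the page does not give KiTTY's real ones. */
#define HOST_MAX 64
#define USER_MAX 32

/* The defect the page describes: server-supplied fields copied with strcpy
 * into fixed stack arrays, so any field longer than the array overflows.
 * Kept only for contrast with the hardened version; never called here. */
void dup_session_unsafe(const char *host_arg, const char *user_arg)
{
    char host[HOST_MAX], user[USER_MAX];
    strcpy(host, host_arg);   /* unbounded: overflows once strlen >= HOST_MAX */
    strcpy(user, user_arg);   /* likewise for USER_MAX */
    printf("duplicate session as %s@%s\n", user, host);
}

/* Hardened: each field's length is checked against its destination (NUL
 * included) and an oversized request is rejected rather than truncated,
 * since a silently shortened hostname would point the session elsewhere. */
int dup_session_safe(const char *host_arg, const char *user_arg,
                     char *host, size_t host_sz, char *user, size_t user_sz)
{
    size_t hl = strlen(host_arg), ul = strlen(user_arg);
    if (hl == 0 || hl >= host_sz || ul >= user_sz)
        return -1;
    memcpy(host, host_arg, hl + 1);   /* +1 copies the terminating NUL */
    memcpy(user, user_arg, ul + 1);
    return 0;
}

/* Same stack layout as the unsafe handler; returns the validation result
 * (0 accepted, -1 rejected) so callers can check it without printing. */
int handle_duplicate(const char *host_arg, const char *user_arg)
{
    char host[HOST_MAX], user[USER_MAX];
    return dup_session_safe(host_arg, user_arg, host, sizeof host,
                            user, sizeof user);
}

/* Constructed input: a 200-byte host field, far beyond HOST_MAX.
 * Returns 1 if the hardened handler rejects it. */
int oversized_host_rejected(void)
{
    char big[201];
    memset(big, 'A', 200); big[200] = '\0';
    return handle_duplicate(big, "alice") == -1;
}
```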