spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow in READ_STRING_SYSCALL.
The vulnerability results from improper handling of the READ_STRING system call in the SPIM simulator – the read_input function does not properly verify the length of the read string, leading to writing beyond buffer boundaries (out-of-bounds write, CWE-787) and reading beyond boundaries (out-of-bounds read, CWE-125). CWE-120 classification indicates lack of control over the size of copied string, while CWE-274 suggests improper permission management in this context. An attacker can provide crafted input data to the simulator, triggering buffer overflow on the stack or heap.
Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code (RCE) in the context of the simulator process, as well as cause application crash (denial of service) or read sensitive data from the process memory.
Patches available from the manufacturer should be applied according to references. In case of missing official updates, it is recommended to not expose the SPIM simulator to untrusted users and to monitor inputs passed to the simulator process.
spimsimulator SPIM version 9.1.24 and all earlier versions
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSpimsimulator Spim
APPSpimsimulator≤ 9.1.24