CVE-2026-42482

Hashcat · Hashcat

A stack-based buffer overflow in Hashcat v7.1.2 allows remote code execution or denial of service via crafted rule files or specific rule options.

Executive summary

A critical stack-based buffer overflow in Hashcat v7.1.2 poses a severe risk of arbitrary code execution for users processing untrusted rule files or password candidates.

Vulnerability

This vulnerability is a stack-based buffer overflow in the mangle_to_hex_lower() and mangle_to_hex_upper() functions. It is caused by inadequate bounds checking when a password candidate of 128 characters or more is converted to hexadecimal: the conversion doubles the length of the input, and the result no longer fits the fixed-size stack buffer, corrupting memory.
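The defect class described above is a length-doubling encoder writing into a fixed-size buffer without checking that the doubled length fits. The block below is an added illustration of the bounds check such a function needs; it is not Hashcat's code, and the 256-byte output capacity (HEX_OUT_CAP), the function names and the helper are assumptions chosen so that, with a terminating NUL, a 127-byte candidate fits and a 128-byte one is rejected, mirroring the threshold the advisory gives.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Assumed (not Hashcat's real constant): capacity of the fixed-size
   output buffer the hex-encoding step writes into. */
#define HEX_OUT_CAP 256

/* Hex-encode in[0..in_len) into out. Returns the number of hex characters
   written, or -1 if the encoded form (2 * in_len plus a terminating NUL)
   would not fit in out_cap. Refusing the input up front is the bounds
   check whose absence turns an oversized candidate into a stack overflow. */
int hex_encode_checked(const uint8_t *in, size_t in_len,
                       char *out, size_t out_cap, int upper)
{
    static const char lower_digits[] = "0123456789abcdef";
    static const char upper_digits[] = "0123456789ABCDEF";
    const char *digits = upper ? upper_digits : lower_digits;

    /* Equivalent to in_len * 2 + 1 > out_cap, written so the
       multiplication itself cannot wrap around. */
    if (out_cap == 0 || in_len > (out_cap - 1) / 2)
        return -1;

    for (size_t i = 0; i < in_len; i++) {
        out[2 * i]     = digits[in[i] >> 4];
        out[2 * i + 1] = digits[in[i] & 0x0f];
    }
    out[2 * in_len] = '\0';
    return (int)(2 * in_len);
}

/* Hypothetical helper for the worked check: build a constructed candidate
   of `len` 'A' bytes, encode it into a HEX_OUT_CAP buffer and report
   1 if it was accepted, 0 if the bounds check rejected it, -1 on misuse. */
int candidate_fits(size_t len)
{
    uint8_t cand[512];
    char out[HEX_OUT_CAP];

    if (len > sizeof cand)
        return -1;
    memset(cand, 'A', len);
    return hex_encode_checked(cand, len, out, sizeof out, 0) >= 0;
}

int main(void)
{
    /* With a 256-byte output buffer, 127 bytes encode to 254 hex characters
       plus NUL and fit; 128 bytes would need 257 and are refused. */
    printf("127-byte candidate accepted: %d\n", candidate_fits(127));
    printf("128-byte candidate accepted: %d\n", candidate_fits(128));
    return 0;
}
```

The check is placed before any byte is written, so a rejected candidate leaves the output buffer and the stack untouched; a caller can then skip or truncate the candidate instead of crashing. Keeping the capacity as a parameter rather than a hard-coded constant also lets the same function serve any buffer size the caller actually allocates.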

Business impact

Successful exploitation of this vulnerability could allow an attacker to achieve arbitrary code execution on the host running the hash-cracking software. Given the CVSS score of 9.8, this represents a critical risk to system integrity and confidentiality, potentially leading to a full system compromise if the Hashcat process runs with elevated privileges.

Remediation

Immediate Action: Upgrade to the latest version of Hashcat, which adds the missing bounds checking.

Proactive Monitoring: Monitor system logs for unexpected process crashes or segmentation faults during hash-cracking operations, which may indicate attempted exploitation.

Compensating Controls: Ensure Hashcat is executed within a containerized or sandboxed environment with restricted permissions to limit the impact of potential code execution.

Exploitation status

Public Exploit Available: No

Analyst recommendation

The severity of this vulnerability necessitates an immediate update to the latest version of Hashcat. Organizations should prioritize patching to prevent potential remote code execution scenarios stemming from the processing of malicious rule sets or password lists.