oss-sec mailing list archives
Re: Possible CVE Requests: libmspack: several issues
From: Hanno Böck <hanno () hboeck de>
Date: Tue, 3 Feb 2015 17:24:58 +0100
Hi,

On Tue, 3 Feb 2015 16:52:05 +0100 Salvatore Bonaccorso <carnil () debian org> wrote:

> Several issues with the libmspack library were reported recently in the Debian bugtracker by Jakub Wilk.

Some additional info:

This code is shared with cabextract. I recently also reported issues to the author that were all fixed in the cabextract 1.5 and libmspack 0.5alpha releases. (The author was unaware that I am not part of Debian, so he only mentions Debian fixes in the release notes - but these include the fixes for the issues reported by me).

Rundown of issues I found:

Invalid read in ensure_filepath:

==29962==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000efd2 at pc 0x40aafd bp 0x7fff365ba030 sp 0x7fff365ba020
READ of size 1 at 0x60200000efd2 thread T0
    #0 0x40aafc in ensure_filepath src/cabextract.c:1034
    #1 0x40aafc in process_cabinet src/cabextract.c:504
    #2 0x40aafc in main src/cabextract.c:350
    #3 0x7ff5e30f8f9f in __libc_start_main (/lib64/libc.so.6+0x1ff9f)
    #4 0x40be2d (/tmp/cabextract-1.4/cabextract+0x40be2d)

Invalid in create_output_name:

==29965==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000effe at pc 0x40a9b8 bp 0x7fffd50309e0 sp 0x7fffd50309d0
READ of size 1 at 0x60200000effe thread T0
    #0 0x40a9b7 in create_output_name src/cabextract.c:828
    #1 0x40a9b7 in process_cabinet src/cabextract.c:444
    #2 0x40a9b7 in main src/cabextract.c:350
    #3 0x7f68d131bf9f in __libc_start_main (/lib64/libc.so.6+0x1ff9f)
    #4 0x40be2d (/tmp/cabextract-1.4/cabextract+0x40be2d)

All found with american fuzzy lop.

(P.S.: Do we have a policy on attachments on this list? I was unsure if it'd be appreciated that I attach the issue-exposing samples)

cu,
--
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42