oss-sec mailing list archives
coreutils sort heap overflow
From: Pádraig Brady <P () draigBrady com>
Date: Fri, 15 May 2015 01:39:27 +0100
FYI on distros with the coreutils i18n patch applied (Suse/RHEL/Fedora/...)
a heap overflow can be triggered in sort(1) as per:
https://bugzilla.suse.com/show_bug.cgi?id=928749

The following should be the simplest way to trigger this on affected distros:
(note the error is not generated 100% of the time):

  printf '%s\n' a ɑ | MALLOC_CHECK_=1 LC_ALL=en_US.utf8 sort -f

Note in UTF8 only a few chars are converted to longer sequences,
so the values that can be written are restricted.

There is also a theoretical buffer overflow with data around SIZE_MAX/2.

Both issues are fixed at:
https://github.com/pixelb/coreutils/commit/bea5e36c

The fix is public as the bug is already public.

thanks,
Pádraig.
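Added illustration (not part of the original message, and not code from the i18n patch or the linked fix): the C sketch below shows the length growth the message refers to, where upper-casing U+0251 gives U+2C6D and the UTF-8 form grows from 2 to 3 bytes, together with a fold routine that never writes past its output capacity. The one-entry case table, the helper names and the snprintf-style return convention are assumptions made for this example.

```c
#include <stdint.h>
#include <string.h>

/* Constructed case table: ASCII plus U+0251 -> U+2C6D (the message's trigger char). */
static uint32_t fold_upper(uint32_t cp) {
    if (cp >= 'a' && cp <= 'z') return cp - 32;
    return cp == 0x0251 ? 0x2C6D : cp;
}

/* Decode one 1-3 byte UTF-8 sequence; returns its length, 0 if truncated.
   Only the length is checked; continuation bytes are not validated. */
static size_t u8_decode(const unsigned char *s, size_t left, uint32_t *cp) {
    size_t n = s[0] < 0x80 ? 1 : s[0] < 0xE0 ? 2 : 3;
    if (n > left) return 0;
    if (n == 1) *cp = s[0];
    else if (n == 2) *cp = (s[0] & 0x1Fu) << 6 | (s[1] & 0x3Fu);
    else *cp = (s[0] & 0x0Fu) << 12 | (s[1] & 0x3Fu) << 6 | (s[2] & 0x3Fu);
    return n;
}

/* Encode a code point below U+10000; returns bytes written (1-3). */
static size_t u8_encode(uint32_t cp, unsigned char *o) {
    size_t n = cp < 0x80 ? 1 : cp < 0x800 ? 2 : 3;
    if (n == 1) o[0] = (unsigned char)cp;
    else if (n == 2) o[0] = (unsigned char)(0xC0 | cp >> 6);
    else o[0] = (unsigned char)(0xE0 | cp >> 12);
    if (n == 3) o[1] = (unsigned char)(0x80 | (cp >> 6 & 0x3F));
    if (n >= 2) o[n - 1] = (unsigned char)(0x80 | (cp & 0x3F));
    return n;
}

/* Upper-case len bytes of src into dst (capacity cap). Never writes past cap;
   returns the bytes the full result needs, so a caller can size the buffer. */
size_t fold_utf8(const unsigned char *src, size_t len, unsigned char *dst, size_t cap) {
    size_t in = 0, out = 0, n;
    unsigned char tmp[3];
    uint32_t cp;
    while (in < len && (n = u8_decode(src + in, len - in, &cp)) != 0) {
        in += n;
        n = u8_encode(fold_upper(cp), tmp);
        if (dst && out + n <= cap) memcpy(dst + out, tmp, n);
        out += n;
    }
    return out;
}

int main(void) { /* constructed input: "a" + U+0251, 3 bytes in, 4 bytes out */
    const unsigned char line[] = "a\xC9\x91";
    return fold_utf8(line, 3, NULL, 0) == 4 ? 0 : 1;
}
```

Calling fold_utf8 with a NULL destination returns the required size, so the output buffer can be allocated from the folded length instead of the input length.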