oss-sec mailing list archives
Possible CVE Request: Multiple stack overflows in squashfs-tools and sasquatch
From: Giancarlo Canales <gcanalesb () me com>
Date: Wed, 17 Jun 2015 19:26:49 -0400
I recently discovered several highly similar stack overflow weakness in squashfs-tools and sasquatch. This issue has already been made public to both projects, with recommendations on how to fix them, but a fix has not been released by the project maintainers. Sasquatch is an experimental fork of squashfs-tools. Squashfs-tools is present in the repositories of Debian, CentOS, and other Linux distributions. The vulnerability can be exploited by using the unsquashfs command to unpack a malicious squashfs image that causes a stack overflow in an unchecked variable length array. Thereafter, a function that copies data from the squashfs image to the overflown array is executed. I’m requesting a CVE number for this vulnerability, per project. Title: Stack overflows in squash-fs Products: squash-fs Affects: All versions Type: Stack overflow First CVE ID Request: Yes Title: Stack overflows in sasquatch Products: sasquatch Affects: All versions Type: Stack overflow First CVE ID Request: Yes Fore information about the stack overflow, please visit: https://github.com/devttys0/sasquatch/pull/5 Thanks in advance, Giancarlo Canales Barreto
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
Current thread:
- Possible CVE Request: Multiple stack overflows in squashfs-tools and sasquatch Giancarlo Canales (Jun 17)
- Re: Possible CVE Request: Multiple stack overflows in squashfs-tools and sasquatch cve-assign (Jun 18)
- Re: Re: Possible CVE Request: Multiple stack overflows in squashfs-tools and sasquatch Giancarlo Canales (Jun 18)
- CVE request: Stack overflow in redcarpet's header_anchor Giancarlo Canales (Jun 29)
- Re: CVE request: Stack overflow in redcarpet's header_anchor cve-assign (Jun 30)
- Re: Possible CVE Request: Multiple stack overflows in squashfs-tools and sasquatch cve-assign (Jun 18)