oss-sec mailing list archives
CVE request: libksba out-of-bounds read remote DOS issue fixed in 1.3.4
From: Andreas Stieger <astieger () suse com>
Date: Tue, 10 May 2016 20:08:05 +0200
libksba 1.3.4 was released with the following in NEWS:
* Fixed two OOB read access bugs which could be used to force a DoS.
The first is http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=a7eed17a0b2a1c09ef986f3b4b323cd31cea2b64
> Fix possible read access beyond the buffer.
>
> * src/ber-help.c (_ksba_ber_parse_tl): Add extra sanity check.
> * src/cert.c (ksba_cert_get_cert_policies): Check TLV given length
> against buffer length.
> (ksba_cert_get_ext_key_usages): Ditto.
> * src/ocsp.c (parse_asntime_into_isotime): Ditto.
> --
>
> The returned length of the object from _ksba_ber_parse_tl (ti.length)
> was not always checked against the actual buffer length, thus leading
> to a read access after the end of the buffer and thus a segv.
>
> GnuPG-bug-id: 2344
> Reported-by: Pascal Cuoq
> Signed-off-by: Werner Koch <wk () gnupg org>

The second (6be61daac047d8e6aa941eb103f8e71a1d4e3c75 <http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=6be61daac047d8e6aa941eb103f8e71a1d4e3c75>) was already assigned CVE-2016-4574 (incomplete fix for CVE-2016-4356) elsethread.
http://seclists.org/oss-sec/2016/q2/300

Could a CVE be assigned to this issue?

Andreas

--
Andreas Stieger <astieger () suse com>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
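Added example, not part of the original message and not libksba code: a minimal TLV walker showing the class of check the quoted commit message describes, where the length declared in a header is compared against the bytes actually remaining before the value is read. The names struct tlv, parse_tl and count_tlvs are hypothetical, the sample byte strings are constructed, and only single-byte tags with definite lengths are handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical header struct for this example (not libksba's own type). */
struct tlv { uint8_t tag; size_t hdrlen; size_t length; };

/* Parse one single-byte-tag, definite-length header from buf[0..len). */
static int parse_tl(const uint8_t *buf, size_t len, struct tlv *ti)
{
    size_t pos = 2, n, v = 0;
    if (len < 2) return -1;
    ti->tag = buf[0];
    if (buf[1] < 0x80) {
        v = buf[1];                       /* short form */
    } else {
        n = buf[1] & 0x7f;                /* long form: n length octets */
        if (n == 0 || n > sizeof v || n > len - pos) return -1;
        while (n--) v = (v << 8) | buf[pos++];
    }
    ti->hdrlen = pos;
    ti->length = v;
    return 0;
}

/* Count top-level TLVs; -1 if any declared length overruns the buffer. */
static int count_tlvs(const uint8_t *buf, size_t len)
{
    int count = 0;
    while (len > 0) {
        struct tlv ti;
        if (parse_tl(buf, len, &ti) != 0) return -1;
        buf += ti.hdrlen; len -= ti.hdrlen;
        if (ti.length > len) return -1;   /* value must fit in what is left */
        buf += ti.length; len -= ti.length;
        count++;
    }
    return count;
}

/* Constructed sample inputs: the second one declares 127 bytes but has 1. */
static const uint8_t good[] = { 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x01, 0xff };
static const uint8_t lied[] = { 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x7f, 0xff };

int main(void)
{
    printf("good=%d lied=%d\n", count_tlvs(good, sizeof good), count_tlvs(lied, sizeof lied));
    return 0;
}
```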