oss-sec mailing list archives
CVE-2017-7555 augeas: crash/memory corruption when handling certain escaped strings
From: Doran Moppert <dmoppert () redhat com>
Date: Thu, 17 Aug 2017 14:24:47 +0930
A vulnerability was found in augeas <http://augeas.net/> that could allow attackers to cause memory corruption possibly leading to arbitrary code execution by passing crafted strings that would be mis-handled by parse_name(). A patch created by David Lutterkort is available on the following PR: https://github.com/hercules-team/augeas/pull/480 Briefly, input strings ending with a whitespace char would be escaped (aug_escape_name) then incorrectly trimmed in parse_name, leading to a later loop stepping over the terminating NUL character. Crashes in libvirtd were observed. This issue was discovered by Han Han (Red Hat) through fuzzing with the Dice testing framework. https://bugzilla.redhat.com/show_bug.cgi?id=1478373 -- Doran Moppert Red Hat Product Security
Attachment:
_bin
Description:
Current thread:
- CVE-2017-7555 augeas: crash/memory corruption when handling certain escaped strings Doran Moppert (Aug 16)