oss-sec mailing list archives
Re: screen crash processing combining characters
From: Utkarsh Gupta <utkarsh () debian org>
Date: Wed, 10 Feb 2021 01:12:21 +0530
Hi,

On Tue, 9 Feb, 2021, 9:39 pm Tavis Ormandy, <taviso () gmail com> wrote:
> Hello, I noticed someone posted this to the screen-devel list. I can reproduce it here, just catting the testcase does crash my screen session.
>
> https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html
>
> (I think it wasn't supposed to be public, but it is, so better it's visible to security teams)
>
> It looks like it might be exploitable at first glance, I see a crash here in encoding.c, because i is out of range.
>
>   1411       else if (!combchars[i])
>   1412         {
>   1413           combchars[i] = (struct combchar *)malloc(sizeof(struct combchar));
>   1414           if (!combchars[i])
>   1415             return;
>   1416           combchars[i]->prev = i;
>   1417           combchars[i]->next = i;
>   1418         }
>
> Exploitable or not, it would be annoying if someone stuffed this into logfiles being tailed, or whatever.

Got CVE-2021-26937 assigned for this.

- u
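
The quoted snippet indexes a lazily allocated table with a value derived from terminal input. The following is an added example, not part of either post and not screen's code or its fix, showing that pattern with the index validated before the first access; `COMB_BASE`, `COMB_SLOTS`, `slots` and `comb_slot_get` are hypothetical names and values.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical values for this demo; the thread does not give screen's real ones. */
#define COMB_BASE  0x1000u
#define COMB_SLOTS 16

struct combchar { unsigned int prev, next; };
static struct combchar *slots[COMB_SLOTS];

/* Map an untrusted code point to a slot, allocating it lazily.
 * Returns 0 on success, -1 if the index is out of range, -2 on OOM. */
int comb_slot_get(unsigned int cp, struct combchar **out)
{
    long i = (long)cp - (long)COMB_BASE;   /* may be negative or too large */

    if (i < 0 || i >= COMB_SLOTS)          /* check before touching slots[i] */
        return -1;
    if (!slots[i]) {
        slots[i] = calloc(1, sizeof(*slots[i]));
        if (!slots[i])
            return -2;
        slots[i]->prev = (unsigned int)i;  /* a fresh slot links to itself */
        slots[i]->next = (unsigned int)i;
    }
    *out = slots[i];
    return 0;
}

int main(void)
{
    /* Constructed probe values: two in range, three out of range. */
    unsigned int probes[] = { 0x1000u, 0x100fu, 0x1010u, 0x0fffu, 0xffffu };
    struct combchar *p = NULL;

    for (size_t k = 0; k < sizeof probes / sizeof probes[0]; k++)
        printf("U+%04X -> %d\n", probes[k], comb_slot_get(probes[k], &p));
    return 0;
}
```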