oss-sec mailing list archives

Possible CVE Request: Multiple stack overflows in squashfs-tools and sasquatch


From: Giancarlo Canales <gcanalesb () me com>
Date: Wed, 17 Jun 2015 19:26:49 -0400

I recently discovered several highly similar stack overflow weaknesses in squashfs-tools and sasquatch.
This issue has already been made public to both projects, with recommendations on how to fix them, but a fix has not 
been released by the project maintainers.

Sasquatch is an experimental fork of squashfs-tools.
Squashfs-tools is present in the repositories of Debian, CentOS, and other Linux distributions.

The vulnerability can be exploited by using the unsquashfs command to unpack a malicious squashfs image that causes a 
stack overflow in an unchecked variable length array.
Thereafter, a function that copies data from the squashfs image to the overflown array is executed.

I’m requesting a CVE number for this vulnerability, per project.

Title: Stack overflows in squash-fs
Products: squash-fs
Affects: All versions
Type: Stack overflow
First CVE ID Request: Yes

Title: Stack overflows in sasquatch
Products: sasquatch
Affects: All versions
Type: Stack overflow
First CVE ID Request: Yes

For information about the stack overflow, please visit:
https://github.com/devttys0/sasquatch/pull/5

Thanks in advance,


Giancarlo Canales Barreto

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail
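
The weakness class the message describes (an image-supplied length sizing a variable length array, followed by a copy into it) is shown below next to a checked form. This is an added example, not part of the original post and not code from squashfs-tools or sasquatch. The 4-byte count plus 8-byte entries layout, the 4096-entry limit and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR_SIZE    4u     /* constructed layout: 32-bit LE entry count */
#define ENTRY_SIZE  8u     /* ...followed by `count` 8-byte entries */
#define MAX_ENTRIES 4096u  /* assumed policy limit, not a squashfs constant */

static uint32_t le32(const uint8_t *p)
{
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Unsafe pattern, for contrast only: the image picks the frame size, so a
 * large count moves the array off the stack before memcpy writes to it. */
uint64_t first_entry_unchecked(const uint8_t *img)
{
    uint32_t count = le32(img);
    uint64_t table[count];                    /* unchecked VLA */
    memcpy(table, img + HDR_SIZE, (size_t)count * ENTRY_SIZE);
    return table[0];
}

/* Checked form: bound the count, compare it with the bytes really present,
 * and use the heap. Returns the entry count or -1; caller frees *out. */
int read_table_checked(const uint8_t *img, size_t len, uint64_t **out)
{
    if (len < HDR_SIZE) return -1;
    uint32_t count = le32(img);
    if (count == 0 || count > MAX_ENTRIES) return -1;  /* absurd count */
    size_t bytes = (size_t)count * ENTRY_SIZE;
    if (bytes > len - HDR_SIZE) return -1;             /* truncated image */
    if ((*out = malloc(bytes)) == NULL) return -1;
    memcpy(*out, img + HDR_SIZE, bytes);
    return (int)count;
}

/* Constructed image claiming `count` entries but carrying `payload` bytes. */
int check_constructed(uint32_t count, size_t payload)
{
    uint8_t *img = calloc(1, HDR_SIZE + payload);
    uint64_t *table = NULL;
    if (img == NULL) return -2;
    for (int i = 0; i < 4; i++) img[i] = (uint8_t)(count >> (8 * i));
    int rc = read_table_checked(img, HDR_SIZE + payload, &table);
    free(table);
    free(img);
    return rc;
}
```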

