oss-sec mailing list archives
Re: Possible CVE Request: Multiple stack overflows in squashfs-tools and sasquatch
From: cve-assign () mitre org
Date: Thu, 18 Jun 2015 13:05:12 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
As far as we can tell, there are two independent types of problems:
We would guess that the most likely case is that only 3 and 6 are applicable, i.e., the code problems are found only in unsquash-1.c/unsquash-2.c/unsquash-3.c/unsquash-4.c and all of these files exist in both squashfs-tools and sasquatch. Is this correct?
Yes, that is correct.
- "int bytes" is incorrect because the return value of SQUASHFS_FRAGMENT_BYTES can be larger than the maximum value of a signed int
Use CVE-2015-4645.
- pull/5 says "If we fix this by making the variable size_t, we run into an unrelated problem in which the stack VLA allocation of fragment_table_index[] can easily exceed RLIMIT_STACK" but actually RLIMIT_STACK can be exceeded regardless of the data type of the bytes variable
Use CVE-2015-4646. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVgvnhAAoJEKllVAevmvms1oMH/iee0wchZqLNcdv94boq7Nu3 5AWJOLkFZjxAZrlyPvKS0e5wpnRO8Crc9ERLq4ndEzg/l5SFn1QSqgQ4eve7BiR7 rReKZo3m67lLBjn2g+eODNgg+SRp0wxzFallB9UnjX5zaE282/toIIj4+7AvPpXN DVEgh96AnIUr0NyI5CsUDp6LJj75m96HOVz3iV4tYsiu2RK03eOjpm2TX9gqj8yT 3AZiXAYx4TkHq34BZMh9zMl762vENMj3ylGfB+/PFUIoQYdilxEbfquX2szZP6KL gLteXkodoHfFN2sagP0pg/t5CNRPeLOqJYW+C04k2/Je7DEglZoJnJq5FKEeRyI= =iU1A -----END PGP SIGNATURE-----
Current thread:
- Possible CVE Request: Multiple stack overflows in squashfs-tools and sasquatch Giancarlo Canales (Jun 17)
- Re: Possible CVE Request: Multiple stack overflows in squashfs-tools and sasquatch cve-assign (Jun 18)
- Re: Re: Possible CVE Request: Multiple stack overflows in squashfs-tools and sasquatch Giancarlo Canales (Jun 18)
- Re: Possible CVE Request: Multiple stack overflows in squashfs-tools and sasquatch cve-assign (Jun 18)
- Re: Re: Possible CVE Request: Multiple stack overflows in squashfs-tools and sasquatch Giancarlo Canales (Jun 18)
- CVE request: Stack overflow in redcarpet's header_anchor Giancarlo Canales (Jun 29)
- Re: CVE request: Stack overflow in redcarpet's header_anchor cve-assign (Jun 30)
- Re: Possible CVE Request: Multiple stack overflows in squashfs-tools and sasquatch cve-assign (Jun 18)