oss-sec mailing list archives
Heap buffer overflow in fgetwln function of libbsd
From: Hanno Böck <hanno () hboeck de>
Date: Wed, 27 Jan 2016 22:03:26 +0100
https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-libbsd.html

libbsd is a library to provide common functions from BSD systems on Linux.

libbsd 0.8.1 and earlier contains a buffer overflow in the function fgetwln(). An if checks if it is necessary to reallocate memory in the target buffer. However this check is off by one, therefore an out of bounds write happens.

Upstream has released version 0.8.2 to fix this.

I have checked where this function gets used. I didn't find any code using it, so I assume the impact is limited.

This bug was found with the help of Address Sanitizer.

https://bugs.freedesktop.org/show_bug.cgi?id=93881
http://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7

--
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42
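The bug class described in the message above, as an added example that is not part of the original post and is not libbsd's source: a grow-on-demand loop whose "is the buffer full?" comparison is off by one, next to the corrected comparison. The struct, function names, initial capacity and input are assumptions made for the illustration; the out-of-bounds store is counted rather than performed so the program is safe to run.

```c
#include <stdio.h>
#include <stdlib.h>
#include <wchar.h>

#define INIT_LEN 4 /* constructed: small initial capacity so the boundary is hit quickly */

struct wbuf { wchar_t *data; size_t len; }; /* len = capacity in wchar_t elements */

/* Illustrative model with hypothetical names, not libbsd code.
 * Appends n wide characters, doubling the buffer when the check fires.
 * fixed == 0: off-by-one comparison (used > len); fixed == 1: corrected (used >= len).
 * Returns how many stores would land one element past the allocation; those
 * stores are skipped, not performed. Returns (size_t)-1 if realloc fails. */
static size_t append_all(struct wbuf *b, const wchar_t *src, size_t n, int fixed)
{
    size_t used = 0, oob = 0;
    for (size_t i = 0; i < n; i++, used++) {
        int full = fixed ? (used >= b->len) : (used > b->len);
        if (!b->len || full) {
            size_t newlen = b->len ? b->len * 2 : INIT_LEN;
            wchar_t *p = realloc(b->data, newlen * sizeof(*p));
            if (!p)
                return (size_t)-1;
            b->data = p;
            b->len = newlen;
        }
        if (used < b->len)
            b->data[used] = src[i];
        else
            oob++; /* used == len: index is one past the end */
    }
    return oob;
}

/* Run the loop over a constructed 10-character input line. */
static size_t count_oob(int fixed)
{
    struct wbuf b = { NULL, 0 };
    size_t oob = append_all(&b, L"ABCDEFGHI\n", 10, fixed);
    free(b.data);
    return oob;
}

int main(void)
{
    printf("off-by-one check: %zu out-of-bounds stores\n", count_oob(0));
    printf("corrected check:  %zu out-of-bounds stores\n", count_oob(1));
    return 0;
}
```

With the off-by-one comparison the store at index 4 and again at index 8 happens before the buffer is grown, which is the kind of one-element heap overwrite Address Sanitizer reports.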