oss-sec mailing list archives
Heap use after free in Pidgin-OTR plugin
From: Hanno Böck <hanno () hboeck de>
Date: Wed, 9 Mar 2016 20:21:45 +0100
https://blog.fuzzing-project.org/39-Heap-use-after-free-in-Pidgin-OTR-plugin.html

The pidgin-otr plugin version 4.0.2 fixes a heap use after free error. The bug is triggered when a user tries to authenticate a buddy and happens in the function create_smp_dialog.

The bug was discovered with Address Sanitizer. This is yet another example why all C/C++ code should be tested with Address Sanitizer enabled.

This bug was already independently discovered and reported in the otr bug tracker.
https://bugs.otr.im/issues/88

Independent of this bug another more severe bug in Libotr itself was also disclosed today, please make sure you update both libotr (4.1.1) and the pidgin-otr plugin (4.0.2).
https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/

Upstream bug report (contains Address Sanitizer stack trace):
https://bugs.otr.im/issues/128

Commit / fix:
https://bugs.otr.im/projects/pidgin-otr/repository/revisions/aaf551b9dd5cbba8c4abaa3d4dc7ead860efef94

--
Hanno Böck
https://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42