oss-sec mailing list archives

Heap use after free in Pidgin-OTR plugin


From: Hanno Böck <hanno () hboeck de>
Date: Wed, 9 Mar 2016 20:21:45 +0100

https://blog.fuzzing-project.org/39-Heap-use-after-free-in-Pidgin-OTR-plugin.html

The pidgin-otr plugin version 4.0.2 fixes a heap use after free error.
The bug is triggered when a user tries to authenticate a buddy and
happens in the function create_smp_dialog.

The bug was discovered with Address Sanitizer. This is yet another
example of why all C/C++ code should be tested with Address Sanitizer
enabled.

This bug was already independently discovered and reported in the otr
bug tracker.
https://bugs.otr.im/issues/88

Independent of this bug, another more severe bug in Libotr itself was
also disclosed today. Please make sure you update both libotr (4.1.1)
and the pidgin-otr plugin (4.0.2).
https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/

Upstream bug report (contains Address Sanitizer stack trace):
https://bugs.otr.im/issues/128
Commit / fix:
https://bugs.otr.im/projects/pidgin-otr/repository/revisions/aaf551b9dd5cbba8c4abaa3d4dc7ead860efef94

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42
