List: full-disclosure
Subject: [FD] Nosefart denial of service vulnerability
From: "qflb.wu" <qflb.wu () dbappsecurity ! com ! cn>
Date: 2017-07-30 8:02:02
Message-ID: 6fdf2a1f.e44.15d92843056.Coremail.qflb.wu () dbappsecurity ! com ! cn
Nosefart denial of service vulnerability
========================================
Author : qflb.wu
================
Introduction:
=============
Nosefart is an NES music player. It plays NSF (Nintendo Entertainment System Sound Format) files so you can listen to those old tunes without actually having to play through the games.
Affected version:
=================
2.9-mls
Vulnerability Description:
==========================
The chk_mem_access function in src/cpu/nes6502/nes6502.c in libnosefart.a in Nosefart 2.9-mls can cause a denial of service (invalid memory read and application crash) via a crafted NSF file. The backtrace below shows the crash: a read of CPU address 61962 (0xF20A) goes through _bank_readbyte, which hands chk_mem_access a bank pointer that is not mapped, and the dereference faults.
./nosefart nosefart_2.9-mls_invalid_memory_read.nsf
Program received signal SIGSEGV, Segmentation fault.
0x0000000000401940 in chk_mem_access (
access=0x69752e <error: Cannot access memory at address 0x69752e>, flags=4)
at src/cpu/nes6502/nes6502.c:1195
1195 uint8 oldchk = * access;
(gdb) bt
#0 0x0000000000401940 in chk_mem_access (
access=0x69752e <error: Cannot access memory at address 0x69752e>, flags=4)
at src/cpu/nes6502/nes6502.c:1195
#1 0x0000000000401ad6 in _bank_readbyte (address=61962, flags=4 '\004')
at src/cpu/nes6502/nes6502.c:1265
#2 0x00000000004022c2 in nes6502_execute (remaining_cycles=29823)
at src/cpu/nes6502/nes6502.c:1549
#3 0x0000000000408630 in nsf_inittune (nsf=0x6222a0) at src/machine/nsf.c:309
#4 0x0000000000409adb in nsf_playtrack (nsf=0x6222a0, track=1,
sample_rate=44100, sample_bits=8, stereo=0 '\000') at src/machine/nsf.c:997
#5 0x00000000004106ee in nsf_setupsong () at src/linux/main_linux.c:403
#6 0x0000000000410be9 in play (
filename=0x622030 "/home/a/Documents/file", track=1, doautocalc=0,
reps=0, starting_frame=0, limited=0) at src/linux/main_linux.c:534
#7 0x0000000000411122 in main (argc=2, argv=0x7fffffffdfc8)
at src/linux/main_linux.c:690
(gdb)
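A defender's illustration of the check the backtrace implies, added here (not nosefart's code; the bank-table layout, names and open-bus value are assumptions): a bank mapper that validates each offset against the loaded image, and a read path that returns open bus for an unmapped bank instead of dereferencing whatever the table entry holds.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed model of the 6502 banked address space: sixteen 4 KiB banks, each
 * an offset into the loaded NSF image (assumed layout, not nosefart's structs). */
#define NUM_BANKS 16
#define BANK_SIZE 0x1000u
#define BANK_MASK (BANK_SIZE - 1)
#define OPEN_BUS  0xFFu

typedef struct {
    const uint8_t *image;        /* program data loaded from the NSF file */
    size_t image_len;
    size_t bank_off[NUM_BANKS];  /* offset + 1 into image; 0 means unmapped,
                                    so a zero-initialised struct maps nothing */
} cpu_mem;

/* Install a bank mapping taken from the file; refuse any offset that would
 * leave the bank pointing outside the loaded image. Returns 1 if mapped. */
int map_bank(cpu_mem *m, unsigned bank, size_t off)
{
    if (bank >= NUM_BANKS || m->image_len < BANK_SIZE || off > m->image_len - BANK_SIZE)
        return 0;
    m->bank_off[bank] = off + 1;
    return 1;
}

/* The read path from the backtrace (_bank_readbyte -> chk_mem_access) with the
 * missing check: an unmapped bank yields open bus, not a wild dereference. */
uint8_t bank_readbyte(const cpu_mem *m, uint16_t address)
{
    size_t off = m->bank_off[address / BANK_SIZE];
    if (off == 0) return OPEN_BUS;
    return m->image[off - 1 + (address & BANK_MASK)];
}

/* Constructed scenario: 8 KiB image, only bank 0xF mapped (to its second page);
 * every other bank is left unset, as a crafted file could leave it. */
uint8_t demo_read(uint16_t address)
{
    static uint8_t image[2 * BANK_SIZE];
    cpu_mem m = { image, sizeof image, { 0 } };
    image[BANK_SIZE + 0x20A] = 0x42;
    map_bank(&m, 0xF, BANK_SIZE);
    return bank_readbyte(&m, address);
}
```

The read of 0xF20A, the address from frame #1 of the backtrace, returns the mapped byte; a read from the unmapped bank at 0x8000 returns 0xFF instead of faulting.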
POC:
nosefart_2.9-mls_invalid_memory_read.nsf
CVE:
CVE-2017-11119
===============================
qflb.wu () dbappsecurity com cn
["poc.zip" (application/x-zip-compressed)]
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/