List: oss-security
Subject: [oss-security] Re: CVE request: reads out-of-bounds with cpio 2.11
From: Petter Reinholdtsen <pere () hungry ! com>
Date: 2016-06-14 8:39:05
Message-ID: loom.20160614T103255-750 () post ! gmane ! org
>> Two reads out-of-bounds in cpio 2.11 were found in the parsing of cpio
>> files

Note, testing with valgrind shows that after the out-of-bounds reads,
there is an out-of-bounds write too. The issue is triggered by a
file name length of zero in an internal data structure. This causes
the code to do operations on a buffer returned by malloc(0), first a memory
access, then a memory write and finally a lstat().

I've sent the valgrind output and a patch to fix it to
<URL: http://bugs.debian.org/815965 > and upstream.

I have no idea if the issue is a security issue, though. I could not
come up with a way to use the unwanted reads and writes for anything
interesting.
--
Happy hacking
Petter Reinholdtsen
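
The kind of check that keeps a zero name length away from malloc(), as an added example that is not part of the original message, not cpio's code and not the patch sent to the Debian bug. It assumes the SVR4 "newc" archive format, which the message does not name; `newc_member_name` and `sample_name_len` are hypothetical helpers, and the sample header is constructed.

```c
#include <stdlib.h>
#include <string.h>
#define HDR_LEN 110      /* newc: 6-byte magic + 13 fields of 8 hex digits */
#define NAMESIZE_OFF 94  /* c_namesize is the 12th field: 6 + 11 * 8 */

static long long hex8(const unsigned char *p)  /* 8 hex digits, -1 if bad */
{
    long long v = 0;
    for (int i = 0; i < 8; i++) {
        int c = p[i], d;
        if (c >= '0' && c <= '9') d = c - '0';
        else if (c >= 'a' && c <= 'f') d = c - 'a' + 10;
        else if (c >= 'A' && c <= 'F') d = c - 'A' + 10;
        else return -1;
        v = v * 16 + d;
    }
    return v;
}

/* Hypothetical helper: malloc'd copy of the member name, or NULL when the
 * header is malformed, so a malloc(0) buffer is never read or written. */
char *newc_member_name(const unsigned char *buf, size_t len)
{
    if (len < HDR_LEN || memcmp(buf, "070701", 6) != 0)
        return NULL;
    long long n = hex8(buf + NAMESIZE_OFF);
    if (n < 1 || (size_t)n > len - HDR_LEN || buf[HDR_LEN + n - 1] != '\0')
        return NULL;   /* zero or bad size, truncated input, or no NUL */
    char *name = malloc((size_t)n);
    if (name != NULL)
        memcpy(name, buf + HDR_LEN, (size_t)n);
    return name;
}

/* Constructed sample: header with the given c_namesize digits (other fields
 * zero) followed by n name bytes; returns strlen of the parsed name or -1. */
int sample_name_len(const char *namesize_hex, const char *name, size_t n)
{
    unsigned char buf[HDR_LEN + 64];
    if (n > 64) return -1;
    memset(buf, '0', HDR_LEN);
    memcpy(buf, "070701", 6);
    memcpy(buf + NAMESIZE_OFF, namesize_hex, 8);
    memcpy(buf + HDR_LEN, name, n);
    char *got = newc_member_name(buf, HDR_LEN + n);
    int r = got ? (int)strlen(got) : -1;
    free(got);
    return r;
}
```

The name size in this format counts the terminating NUL, so any well-formed member has a size of at least 1 and a header claiming 0 can be rejected before any allocation or lstat() call.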