Message-ID: <20151024175410.42963a35@pc1>
Date: Sat, 24 Oct 2015 17:54:10 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: Two out of bounds reads in Zstandard / zstd

https://blog.fuzzing-project.org/26-Two-out-of-bounds-reads-in-Zstandard-zstd.html

Zstandard, or zstd for short, is a new compression algorithm and tool
developed by Yann Collet. Fuzzing zstd with american fuzzy lop and
address sanitizer uncovered two out of bounds reads.


Heap out of bounds read in function ZSTD_copy8:

https://crashes.fuzzing-project.org/zstd-oob-heap-ZSTD_copy8
Input sample

https://github.com/Cyan4973/zstd/issues/49
Upstream bug report

https://github.com/Cyan4973/zstd/commit/fc60883d42f7f860d4573e34b466eca632d57966
Git commit / fix


Stack out of bounds read in function HUF_readStats:

https://crashes.fuzzing-project.org/zstd-oob-stack-HUF_readStats
Input sample

https://github.com/Cyan4973/zstd/issues/50
Upstream bug report

https://github.com/Cyan4973/zstd/commit/3e8fbabfa8b16fa605038c68c8fac7fe29f4c78a
Git commit / fix


https://github.com/Cyan4973/zstd/releases/tag/zstd-0.2.1
The new zstd version 0.2.1 fixes both issues.


-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42
