|
Message-ID: <20160127220326.5a8828a2@pc1>
Date: Wed, 27 Jan 2016 22:03:26 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: Heap buffer overflow in fgetwln function of libbsd
https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-libbsd.html
libbsd is a library to provide common functions from BSD systems on
Linux.
libbsd 0.8.1 and earlier contains a buffer overflow in the function
fgetwln(). An if checks if it is necessary to reallocate memory in the
target buffer. However this check is off by one, therefore an out of
bounds write happens.
Upstream has released version 0.8.2 to fix this.
I have checked where this function gets used. I didn't find any code
using it, so I assume the impact is limited.
This bug was found with the help of Address Sanitizer.
https://bugs.freedesktop.org/show_bug.cgi?id=93881
http://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7
--
Hanno Böck
http://hboeck.de/
mail/jabber: hanno@...eck.de
GPG: BBB51E42
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.