Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 8 May 2016 22:19:02 +0200
From: Hanno Böck <>
Subject: dosfstools / fsck.vfat: Several invalid memory accesses

I lately fuzzed various filesystem check tools. This uncovered a number
of issues in dosfstools / fsck.fat that have now been fixed in the new
version 4.0. All issues were found with american fuzzy lop and address
Global out of bounds read file_stat() / check_dir()
Git commit / fix
Unclear invalid memory access in get_fat()
Git commit / fix
Heap overflow in read_fat()
Heap out of bounds read in get_fat()
Git commit / fix for both issues

These bugs can pose a security risk if a system automatically checks
attached storage media with fsck or in situations where filesystems on
untrusted devices get checked. The new version dosfstools 4.0 fixes all
four bugs.

Hanno Böck


Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.