|
Message-ID: <20201119234717.GA18029@brightrain.aerifal.cx>
Date: Thu, 19 Nov 2020 18:47:22 -0500
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com, oss-security@...ts.openwall.com
Subject: CVE-2020-28928: musl libc: wcsnrtombs destination buffer overflow
The wcsnrtombs function in all musl libc versions up through 1.2.1 has
been found to have multiple bugs in handling of destination buffer
size when limiting the input character count, which can lead to
infinite loop with no forward progress (no overflow) or writing past
the end of the destination buffera.
This function is not used internally in musl and is not widely used,
but does appear in some applications. The non-input-limiting form
wcsrtombs is not affected.
All users of musl 1.2.1 and prior versions should apply the attached
patch, which replaces the overly complex and erroneous implementation.
The upcoming 1.2.2 release will adopt this new implementation.
View attachment "wcsnrtombs-cve-2020-28928.diff" of type "text/plain" (1373 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.