Date: Sat, 24 Oct 2015 10:31:16 +0200 From: Hanno Böck <hanno@...eck.de> To: oss-security@...ts.openwall.com, CVE ID Requests <cve-assign@...re.org> Subject: Heap overflow and endless loop in exfatfsck / exfat-utils https://blog.fuzzing-project.org/25-Heap-overflow-and-endless-loop-in-exfatfsck-exfat-utils.html exfat-utils is a collection of tools to work with the exFAT filesystem. Fuzzing the exfatfsck with american fuzzy lop led to the discovery of a write heap overflow and an endless loop. Especially at risk are systems that are configured to run filesystem checks automatically on external devices like USB flash drives. A malformed input can cause a write heap overflow in the function verify_vbr_checksum. It might be possible to use this for code execution. Upstream bug report https://github.com/relan/exfat/issues/5 Sample file triggering the bug https://crashes.fuzzing-project.org/exfatfsck-heap-overflow-write-verify_vbr_checksum Git commit for fix https://github.com/relan/exfat/commit/2e86ae5f81da11f11673d0546efb525af02b7786 Another malformed input can cause an endless loop, leading to a possible denial of service. Upstream bug report https://github.com/relan/exfat/issues/6 Sample file triggering the bug https://crashes.fuzzing-project.org/exfatfsck-endless-loop Git commit of fix https://github.com/relan/exfat/commit/35a1f77f9be2d8b21731f758baba4334935bf18b Both issues have been fixed in the latest release 1.2.1 of exfat-utils. https://github.com/relan/exfat/releases/tag/v1.2.1 -- Hanno Böck http://hboeck.de/ mail/jabber: hanno@...eck.de GPG: BBB51E42 [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ