Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 24 Oct 2015 17:54:10 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: Two out of bounds reads in Zstandard / zstd

https://blog.fuzzing-project.org/26-Two-out-of-bounds-reads-in-Zstandard-zstd.html

Zstandard or short zstd is a new compression algorithm and tool
developed by Yann Collet. Fuzzing zstd with american fuzzy lop and
address sanitizer uncovered two out of bounds reads.


Heap out of bounds read in function ZSTD_copy8:

https://crashes.fuzzing-project.org/zstd-oob-heap-ZSTD_copy8
Input sample

https://github.com/Cyan4973/zstd/issues/49
Upstream bug report

https://github.com/Cyan4973/zstd/commit/fc60883d42f7f860d4573e34b466eca632d57966
Git commit / fix


Stack out of bounds read in function HUF_readStats:

https://crashes.fuzzing-project.org/zstd-oob-stack-HUF_readStats
Input sample

https://github.com/Cyan4973/zstd/issues/50
Upstream bug report

https://github.com/Cyan4973/zstd/commit/3e8fbabfa8b16fa605038c68c8fac7fe29f4c78a
Git commit / fix


https://github.com/Cyan4973/zstd/releases/tag/zstd-0.2.1
The new zstd version 0.2.1 fixes both issues.


-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ