Date: Tue, 10 May 2016 20:08:05 +0200
From: Andreas Stieger <astieger@...e.com>
To: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: CVE request: libksba out-of-bounds read remote DOS issue fixed in 1.3.4

libksba 1.3.4 was released with the following in NEWS:

> * Fixed two OOB read access bugs which could be used to force a DoS.

The first is
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=a7eed17a0b2a1c09ef986f3b4b323cd31cea2b64

> Fix possible read access beyond the buffer.
>
> * src/ber-help.c (_ksba_ber_parse_tl): Add extra sanity check.
> * src/cert.c (ksba_cert_get_cert_policies): Check TLV given length
> against buffer length.
> (ksba_cert_get_ext_key_usages): Ditto.
> * src/ocsp.c (parse_asntime_into_isotime): Ditto.
> --
>
> The returned length of the object from _ksba_ber_parse_tl (ti.length)
> was not always checked against the actual buffer length, thus leading
> to a read access after the end of the buffer and thus a segv.
>
> GnuPG-bug-id: 2344
> Reported-by: Pascal Cuoq
> Signed-off-by: Werner Koch <wk@...pg.org>

The second (6be61daac047d8e6aa941eb103f8e71a1d4e3c75
<http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=6be61daac047d8e6aa941eb103f8e71a1d4e3c75>)
was already assigned CVE-2016-4574 (incomplete fix for CVE-2016-4356)
elsethread.
http://seclists.org/oss-sec/2016/q2/300

Could a CVE be assigned to this issue?

Andreas

-- 
Andreas Stieger <astieger@...e.com>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)
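
The check the quoted commit message describes, as an added C example that is not libksba's code and not part of the original message: a simplified single-byte-tag, definite-length header parser whose caller rejects any declared length larger than the bytes remaining in the buffer. The names parse_tl, get_value and struct tl_info and the sample encodings are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical, simplified header info; not libksba's own structure. */
struct tl_info {
    uint8_t tag;     /* single-byte tag */
    size_t  nhdr;    /* bytes used by the tag and length octets */
    size_t  length;  /* length the encoding declares for the value */
};

/* Parse one definite-length header from buf[0..len). 0 on success, -1 on error. */
static int parse_tl(const uint8_t *buf, size_t len, struct tl_info *ti)
{
    size_t pos = 0, n, i;
    if (len < 2)
        return -1;
    ti->tag = buf[pos++];
    if ((ti->tag & 0x1f) == 0x1f)
        return -1;                      /* multi-byte tags not handled here */
    if (!(buf[pos] & 0x80)) {
        ti->length = buf[pos++];        /* short form */
    } else {
        n = buf[pos++] & 0x7f;          /* long form: n length octets follow */
        if (n == 0 || n > sizeof(size_t) || n > len - pos)
            return -1;                  /* header itself is truncated or oversized */
        for (ti->length = 0, i = 0; i < n; i++)
            ti->length = (ti->length << 8) | buf[pos++];
    }
    ti->nhdr = pos;
    return 0;
}

/* Hand out the value only if the declared length fits in the bytes left. */
static int get_value(const uint8_t *buf, size_t len, const uint8_t **val, size_t *vlen)
{
    struct tl_info ti;
    if (parse_tl(buf, len, &ti))
        return -1;
    if (ti.length > len - ti.nhdr)      /* declared length vs. actual buffer */
        return -1;
    *val = buf + ti.nhdr;
    *vlen = ti.length;
    return 0;
}

/* Constructed sample encodings (OCTET STRING, tag 0x04). */
const uint8_t sample_ok[]    = { 0x04, 0x03, 'a', 'b', 'c' };
const uint8_t sample_short[] = { 0x04, 0x7f, 'a', 'b' };          /* claims 127 bytes */
const uint8_t sample_long[]  = { 0x04, 0x82, 0x01, 0x00, 0x00 };  /* claims 256 bytes */
```

Without the comparison in get_value, a caller that trusts ti.length for either truncated sample would read past the end of the array.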