Date: Tue, 14 Jun 2016 08:39:05 +0000 (UTC)
From: Petter Reinholdtsen <pere@...gry.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: reads out-of-bounds with cpio 2.11

>> Two reads out-of-bounds in cpio 2.11 were found in the parsing of cpio
>> files

Note, testing with valgrind shows that after the out-of-bounds reads, there is an out-of-bounds write too.

The issue is triggered by a file name length of zero in an internal data structure. This causes the code to do operations on a buffer returned by malloc(0), first a memory access, then a memory write and finally a lstat().

I've sent the valgrind output and a patch to fix it to <URL: http://bugs.debian.org/815965 > and upstream.

I have no idea if the issue is a security issue, though. I could not come up with a way to use the unwanted reads and writes for anything interesting.

-- 
Happy hacking
Petter Reinholdtsen
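
Added example, not part of the original message and not the patch sent to the Debian bug or upstream: a C check that rejects a zero file name length before any buffer is sized from it. It assumes the cpio "newc" header layout for illustration (the message does not say which archive format was involved), and the names validate_name, check_sample and name_status are hypothetical.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NEWC_HDR_LEN      110  /* 6-byte magic + 13 fields of 8 hex digits */
#define NEWC_NAMESIZE_OFF  94  /* c_namesize is the 12th of those fields */
enum name_status { NAME_OK, NAME_TRUNCATED, NAME_BAD_HEADER, NAME_ZERO_LENGTH, NAME_NOT_TERMINATED };

/* Parse one fixed-width 8-digit hex field; -1 if any byte is not a hex digit. */
static int hex8(const unsigned char *p, uint32_t *out)
{
    char field[9] = {0};
    memcpy(field, p, 8);
    for (int i = 0; i < 8; i++)
        if (!isxdigit(p[i])) return -1;
    *out = (uint32_t)strtoul(field, NULL, 16);
    return 0;
}

/* Check the name field before any buffer is sized from it; *namesize is set only on NAME_OK. */
enum name_status validate_name(const unsigned char *buf, size_t len, uint32_t *namesize)
{
    uint32_t n;
    if (len < NEWC_HDR_LEN) return NAME_TRUNCATED;
    if (memcmp(buf, "070701", 6) != 0) return NAME_BAD_HEADER;
    if (hex8(buf + NEWC_NAMESIZE_OFF, &n) != 0) return NAME_BAD_HEADER;
    /* c_namesize counts the trailing NUL, so 0 is invalid and must never reach malloc(). */
    if (n == 0) return NAME_ZERO_LENGTH;
    if (n > len - NEWC_HDR_LEN) return NAME_TRUNCATED;
    if (buf[NEWC_HDR_LEN + n - 1] != '\0') return NAME_NOT_TERMINATED;
    *namesize = n;
    return NAME_OK;
}

/* Constructed input: newc header, all fields zero except c_namesize, then "hello\0". */
enum name_status check_sample(uint32_t namesize)
{
    unsigned char buf[NEWC_HDR_LEN + 6];
    char field[9];
    uint32_t n;
    memcpy(buf, "070701", 6);
    memset(buf + 6, '0', NEWC_HDR_LEN - 6);
    snprintf(field, sizeof field, "%08X", (unsigned)namesize);
    memcpy(buf + NEWC_NAMESIZE_OFF, field, 8);
    memcpy(buf + NEWC_HDR_LEN, "hello", 6);
    return validate_name(buf, sizeof buf, &n);
}
```

Only a size that passes all three checks (non-zero, within the input, NUL-terminated) should be handed to an allocator or used as an index into the name.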