Date: Fri, 17 Jun 2016 15:35:19 -0400 (EDT)
From: cve-assign@...re.org
To: hanno@...eck.de
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Many invalid memory access issues in libarchive

> https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html

> libarchive version 3.2.0 (released on April 30th) fixed a large number
> of memory access bugs that I reported to them a while ago.

> https://github.com/libarchive/libarchive/issues/503
> Unclear invalid memory read in CPIO parser

>> hit end-of-file when trying to read a cpio header

Use CVE-2015-8915.


> https://github.com/libarchive/libarchive/issues/504
> Null pointer access in RAR parser

Use CVE-2015-8916.

There is not a second ID for the "it assumes this is a multivolume
archive" discussion in the
https://github.com/libarchive/libarchive/issues/504#issuecomment-198683221
comment.


> https://github.com/libarchive/libarchive/issues/505
> Null pointer access in CAB parser

>> The real problem though is that the filename in the cabinet is set to
>> 0x97. This single character is not a valid utf8 character and
>> therefore the conversion fails.

Use CVE-2015-8917.


> https://github.com/libarchive/libarchive/issues/506
> Overlapping memcpy in CAB parser

Use CVE-2015-8918.


> https://github.com/libarchive/libarchive/issues/510
> Heap out of bounds read in LHA/LZH parser

Use CVE-2015-8919.


> https://github.com/libarchive/libarchive/issues/511
> Stack out of bounds read in ar parser

Use CVE-2015-8920.


> https://github.com/libarchive/libarchive/issues/512
> Global out of bounds read in mtree parser

Use CVE-2015-8921.


> https://github.com/libarchive/libarchive/issues/513
> Null pointer access in 7z parser

Use CVE-2015-8922.


> https://github.com/libarchive/libarchive/issues/514
> Unclear crashes in ZIP parser

>> Issue here was reading a size field as a signed number
>> and then using that as an offset.

Use CVE-2015-8923.


> https://github.com/libarchive/libarchive/issues/515
> Heap out of bounds read in TAR parser

Use CVE-2015-8924.


> https://github.com/libarchive/libarchive/issues/516
> Unclear invalid memory read in mtree parser

>> Fix escaped newline parsing

Use CVE-2015-8925.


> https://github.com/libarchive/libarchive/issues/518
> Null pointer access in RAR parser

Use CVE-2015-8926.


> https://github.com/libarchive/libarchive/issues/523
> Heap out of bounds read when reading password for malformed ZIP

Use CVE-2015-8927.


> https://github.com/libarchive/libarchive/issues/550
> Heap out of bounds read in mtree parser

Use CVE-2015-8928.


> I also reported a couple of lower severity issues (leaks, hangs,
> undefined behavior issues):

> https://github.com/libarchive/libarchive/issues/517
> Memory leak in TAR parser

Use CVE-2015-8929.


> https://github.com/libarchive/libarchive/issues/522
> Endless loop in ISO parser

Use CVE-2015-8930.


> https://github.com/libarchive/libarchive/issues/539
> Undefined behavior / signed integer overflow in mtree parser

>> We run on a lot of platforms that don't use glibc

Use CVE-2015-8931.


> https://github.com/libarchive/libarchive/issues/540
> Use after free in test suite

This does not have a CVE ID. The vendor response was "Looks like this
is just a bug in the test. The test runs a set of checks twice but
doesn't correctly reset in between." The code change is in the
libarchive/test/test_archive_read_add_passphrase.c file.


> https://github.com/libarchive/libarchive/issues/547
> Undefined behavior / invalid shiftleft in TAR parser

Use CVE-2015-8932.


> https://github.com/libarchive/libarchive/issues/548
> Undefined behavior / signed integer overflow in TAR parser

Use CVE-2015-8933.


> Unfortunately one out of bounds heap read bug in the RAR parser (sample
> file) remained unfixed. I hope a fix will find its way into the next
> version.

> https://github.com/libarchive/libarchive/issues/521

Use CVE-2015-8934.

-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]