Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 28 Jan 2017 18:14:31 -0500
From: <cve-assign@...re.org>
To: <hanno@...eck.de>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: wavpack: multiple out of bounds memory reads

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> All of them have been fixed with a single commit:
> https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc

> [] global buffer overread in read_code / read_words.c
> https://sourceforge.net/p/wavpack/mailman/message/35557889/
>> read_code ... wavpack-5.0.0/src/read_words.c:576:14

Use CVE-2016-10169.


> [] heap out of bounds read in WriteCaffHeader / caff.c
> https://sourceforge.net/p/wavpack/mailman/message/35561921/
>> WriteCaffHeader ... wavpack-5.0.0/cli/caff.c:699:61

Use CVE-2016-10170.


> [] heap out of bounds read in unreorder_channels / wvunpack.c
> https://sourceforge.net/p/wavpack/mailman/message/35561939/
>> unreorder_channels ... wavpack-5.0.0/cli/wvunpack.c:2142:27

Use CVE-2016-10171.


> [] heap oob read in read_new_config_info / open_utils.c
> https://sourceforge.net/p/wavpack/mailman/message/35561951/
>> read_new_config_info ... wavpack-5.0.0/src/open_utils.c:573:45

Use CVE-2016-10172.


Note that http://openwall.com/lists/oss-security/2017/01/23/4 had an
incorrect URL for the open_utils.c issue. (It was a duplicate of the
previous URL.) The correct URL is in the quoted text above. Also, the
vendor response of "I am pretty confident that these particular
failures are not exploitable, although I am not an expert in that
area" is on the
https://sourceforge.net/p/wavpack/mailman/message/35618215/ page.

We are assigning the four CVE IDs to the individual reports even
though it is possible that
4bc05fc490b66ef2d45b1de26abf1455b486b0dc implies that there were
only three independent issues.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYjSVxAAoJEHb/MwWLVhi22ScP/04u+ZLeBYlmyv36NiriDF3a
wGHD/tLrOidlT7BvyW6iFgJO2rJiO1/4YzMT6/w6JFSwhioKWkJQMtOnMu2gp+ZY
l7M0qdTHduEE3oNt5mxwXy7yLraJKjz6DRy7ZlFJcp6wyO48lrWi08Uf9EG0d+mD
vZUXy0wgMeieGsDF3grSfSWkh3djmIbvygo3dpucFce/oexcfED/3R6WhxGPi3ix
U1fc6XB4rKmsSmTxbmOC+XYE7elOgBYhElvZ0RiJLhBVc9fRil91VfUQqSGZcbQa
dYxdV+dpFEkLuQBYWRiWshiN46RO1TdvWr8oLAbwjGLn8roOc1bDN2pQsB9DS8uf
BOLYQ6A8DVuvtGRqYf1QyP53TgHg90BDjYMz7jUt9nkl+FozkMv5/Ncj/Luy9Jj6
AHb/n644Q1dtLZBUiP/j4v1otHYZz4ixZamahRL+SmlRAaj9hDW+YHDUVf1syIpS
KsjWkeAgi5gBZdC7xpoiyJ3NQddwKCVWbGtYR+mXetnb1uvOCW7MGnI8vt9yLSF7
4mX8xTA1SBrJNfm2SjjhKLhM/Z3XvLqmHdqoMQSDlj1Pv+KUJmjr9PsXDO4aWV7h
HaM34KzSfvBFmwpBycig3YU+sIw8SXRYwvKVgJoom2ZUsq5nSpE8QDoctixr2JEe
Hz0uj8YntzJ26TxAskiL
=MiV2
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.