Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 14 Feb 2015 10:59:43 -0500 (EST)
From: cve-assign@...re.org
To: hanno@...eck.de
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Multiple issues in GnuPG found through keyring fuzzing (TFPA 001/2015)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html

A build-packet.c report says "Use after free" but the listed commit
is for an invalid memory read that was fixed in two other .c files.

The keybox_search.c report says "memcpy with overlapping ranges" but
the listed commit apparently fixes "sign extension on shift" issues.

We suspect that what you mean is that the commits are directly
applicable as listed, and the difference is that your report states
the ultimate impact found by afl-fuzz, and your report isn't intended
to directly show how that ultimate impact results from the code
problem.

With this interpretation:

  CVE-2015-1606 - Use after free, resulting from failure to skip
                  invalid packets

  CVE-2015-1607 - memcpy with overlapping ranges, resulting from
                  incorrect bitwise left shifts

There's currently no information suggesting that the NULL pointer
dereference issues could have a security impact; they currently do not
have CVE IDs.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJU33B+AAoJEKllVAevmvmstiQH/2nHN4/1NUH4TO7bTBx4tOmm
PYR2e5gl0cwCvfFHLxDYiJFFtO8KG+GW7emroo9qqCBcsZhWE95XE5VJXN7RSXXJ
JqihRwGl8pLQ459e3ZZR3rSTixGz28Fx/QGp59G7+mfNwPuaWGh6pg7Uukd4Zr1/
PlL4qkhXPH6auBW3pYDAqzf/s5a8O3WPOV2jUkB7x5+VYNy//tOwGbMFwlhPCgCr
IhjLi18UpeBkp7nVEIlSqkmRL7MSHYA7ov83CMTfl0Wj6YFHSTJHwUzPMQkQNhXG
xjllvOTZznnUW7Fs48psYRsd3iRM5XHIyYaHnHOy461yrqKrkcPtECadjIKbScA=
=LLyD
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.