Date: Thu, 4 Jun 2015 00:29:04 +0200 From: Hanno Böck <hanno@...eck.de> To: oss-security@...ts.openwall.com Subject: Null pointer access in inflatehd tool (nghttp2) https://blog.fuzzing-project.org/14-Null-pointer-access-in-inflatehd-tool-nghttp2.html The nghttp2 library ships two tools to parse http headers packed with the hpack algorithm. An invalid input file can crash the inflatehd tool. This is a bug in the tool, there is no issue in the library. This issue was fixed in version 0.7.15 of nghttp2. One day of fuzzing both the inflatehd and deflatehd turned up no other issues. Sample input file https://crashes.fuzzing-project.org/nghttp2-inflatehd-nullptr Git commit / patch https://github.com/tatsuhiro-t/nghttp2/commit/3572e7c6343cb85fc21f5667a7ed0902cf5305cf Upstream bug report https://github.com/tatsuhiro-t/nghttp2/issues/235 nghttp 0.7.15 release notes https://github.com/tatsuhiro-t/nghttp2/releases/tag/v0.7.15 -- Hanno Böck http://hboeck.de/ mail/jabber: hanno@...eck.de GPG: BBB51E42 Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.