Date: Tue, 19 Jan 2016 20:46:10 +0800 (CST)
From: xiaoqixue_1  <>
Subject: Re:Re: Buffer Overflow in lha compression utility

An out-of-bounds read is found in libdwarf-20151114.

Please see the attachment for the PoC. The result of valgrind is as follows:


len=0x00000010, len size=0x00000004, extn size=0x00000000, totl
length=0x00000014, addr size=0x00000008, mod=0x00000004 must be zero
in cie, offset 0x00000000. ***
==53495== Invalid read of size 2
==53495==    at 0x4C2F7E0: memcpy@@GLIBC_2.14 (in
==53495==    by 0x43287F: dwarf_read_cie_fde_prefix (dwarf_frame2.c:934)
==53495==    by 0x431305: _dwarf_get_fde_list_internal (dwarf_frame2.c:268)
==53495==    by 0x42EB5F: dwarf_get_fde_list_eh (dwarf_frame.c:1101)
==53495==    by 0x41BABE: print_frames (print_frames.c:1835)
==53495==    by 0x40485B: process_one_file (dwarfdump.c:1323)
==53495==    by 0x403529: main (dwarfdump.c:630)
==53495==  Address 0x548b3c0 is 0 bytes inside a block of size 1 alloc'd
==53495==    at 0x4C2AB80: malloc (in
==53495==    by 0x4E40600: ??? (in
==53495==    by 0x4E40873: ??? (in
==53495==    by 0x42A0E1: dwarf_elf_object_access_load_section
==53495==    by 0x437715: _dwarf_load_section (dwarf_init_finish.c:1072)
==53495==    by 0x42EAEB: dwarf_get_fde_list_eh (dwarf_frame.c:1096)
==53495==    by 0x41BABE: print_frames (print_frames.c:1835)
==53495==    by 0x40485B: process_one_file (dwarfdump.c:1323)
==53495==    by 0x403529: main (dwarfdump.c:630)
==53495==

The vulnerability is found by Qixue Xiao, at Tsinghua University.


Download attachment "awbug5.elf" of type "application/octet-stream" (7875 bytes)
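The trace above shows the CIE/FDE prefix reader copying 2 bytes out of a 1-byte section buffer. The following is an added, constructed example (not libdwarf's code) of how a .debug_frame/.eh_frame entry prefix (initial length, optional 64-bit length escape, CIE id) can be parsed so that every read is checked against the end of the section first; the function and struct names are the example's own, and a little-endian host is assumed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed example, not libdwarf code: the decoded prefix of one
 * .debug_frame / .eh_frame entry. */
struct frame_prefix {
    uint64_t length;      /* entry length, excluding the length field */
    unsigned offset_size; /* 4 (32-bit DWARF) or 8 (64-bit DWARF) */
    uint64_t cie_id;      /* CIE id / CIE pointer field */
};

/* Copy n bytes from p into *out only if [p, p+n) lies inside the
 * section [sec, end). Returns 0 on truncation instead of reading past
 * the buffer. Little-endian host assumed (bytes land in the low end). */
static int read_unaligned(const unsigned char *p, const unsigned char *end,
                          size_t n, uint64_t *out)
{
    uint64_t v = 0;
    if (p > end || (size_t)(end - p) < n)
        return 0;               /* would run off the section: refuse */
    memcpy(&v, p, n);
    *out = v;
    return 1;
}

/* Returns 1 on success, 0 if the prefix is truncated or claims an entry
 * longer than the bytes that remain in the section. */
int parse_frame_prefix(const unsigned char *sec, size_t sec_len,
                       size_t off, struct frame_prefix *fp)
{
    const unsigned char *end = sec + sec_len;
    const unsigned char *p;
    uint64_t v;

    if (off > sec_len) return 0;
    p = sec + off;
    if (!read_unaligned(p, end, 4, &v)) return 0;
    p += 4;
    fp->offset_size = 4;
    if (v == 0xffffffffu) {               /* 64-bit DWARF length escape */
        if (!read_unaligned(p, end, 8, &v)) return 0;
        p += 8;
        fp->offset_size = 8;
    }
    fp->length = v;
    /* the entry body must itself fit in what is left of the section */
    if (fp->length > (uint64_t)(end - p)) return 0;
    return read_unaligned(p, end, fp->offset_size, &fp->cie_id);
}
```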
