Date: Thu, 15 Sep 2016 17:52:52 +0200 From: Agostino Sarubbo <ago@...too.org> To: OSS Security List <oss-security@...ts.openwall.com> Subject: Libarchive/bsdtar: multiple crashes Hello all. I'd like to make people aware of the following crashes in libarchive/bsdtar found by fuzzing (all issues are public on github): The most dangerous, an out of bounds stack write (which is also fixed upstream): https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-stack-based-buffer-overflow-in-bsdtar_expand_char-util-c/ The following are buffer over read of 1 (all are unfixed upstream ATM): https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-detect_form-archive_read_support_format_mtree-c/ https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-read_header-archive_read_support_format_7zip-c/ https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-memory-corruptionunknown-crash-in-bid_entry-archive_read_support_format_mtree-c/ https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-bid_entry-archive_read_support_format_mtree-c/ As stated in the posts, the two latest bug could be the same, but I didn't have an upstream response about, so I posted both stacktrace to better track the issues. The following are use-after-free (all are unfixed upstream ATM): https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-use-after-free-in-bid_entry-archive_read_support_format_mtree-c/ https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-use-after-free-in-detect_form-archive_read_support_format_mtree-c/ As stated in the posts, they could be the same. I didn't have an upstream response too for those. Agostino
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.