Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 20 Oct 2016 12:27:15 -0400 (EDT)
From: cve-assign@...re.org
To: scott.tenaglia@...incea.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request - Portable UPnP SDK 1.6.19 through 1.8.x

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://sourceforge.net/p/pupnp/bugs/133/

>   parse_uri( &out->URLs[i + 1], URLS->size - i + 1,
>              &out->parsedURLs[URLcount] )

This seems to be a CWE-372 ("Incomplete Internal State Distinction")
issue in which the code expected to be in a state where it was
operating on a set of validated URIs from a CALLBACK header, but
actually was in a state where it was operating on a set of all URIs
from a CALLBACK header. A validation step occurs for every URI, and
the amount of memory allocated is correct for the set of validated
URIs, but there is simply no data model for the set of validated URIs.
(Conceivably, the set of validated URIs could be in its own array, or
each URI in the original array could have a flag indicating whether it
was valid.)

Use CVE-2016-8863.

As mentioned, this has a resultant heap buffer overflow.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYCO/sAAoJEHb/MwWLVhi2WxMP/iE4erxSoRjKIE42RHEoeGq2
UDy+y+B9Sf/xK0zWtZGB06Mmkli+v7SLKOkWK7oWHJ4tQa4NXCvKbzwfLbyX3jDZ
Ul7IE42LFCti/bJqb1qQwqjM/LzMtOSloofBI5pMocYkBKnjaLq1PwRGDTKzyVEN
7Hs8LhzkUsqDdr4z5bk1NhDNhBHDg+4pIJ91rFrqkL06bWIsUAnfUJmWE7wWGWGp
XePAkR+yOkvOpsgdWPFmaUNU3t7iPkRhw/P24O8QG+So39z5DVts4IHYoOQHmIa5
OtNKauWUxLMIOkUneZbWEazLrrglKGoG0VJzqXpNDAXciRPd6DNQ3GueJjthBkoG
LrfsoTdUrpGA+q33DipHxg2Aj+OaN/LUQ1n+mYE09k3Iy+4OHN7xZ9VWUWirYkDL
/JODFta8VX3BsMGFjUwNsICaxJm/kARxY72A7mKvJsEZ6Jow4seIIgzmFiBPqzPC
ErcnxLIvbJOiy9jw0hP3qGH5I/5N1h+7ViUqS97mOy4MySgVs1kKtU+ZVpL4h1PK
7smULHLCAKKLqpJS8smcd08ZmetYtB4s3ccPM0Yn7vQKRI92mCRgTpJh5IhqSmiZ
IoesKUf10Ml+xx/DR5WEEZ4ACHn+Q7nUzMhobzHWQbG0NdXzUWXdWZQdkmS2NBfH
1shVmylDTkJ5tLBQwHmM
=WKq1
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.