Date: Wed, 9 Jun 2021 10:19:09 +0200
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>
Subject: connman stack buffer overflow in dnsproxy CVE-2021-33833

Hi,

On behalf of my colleague Daniel Wagner, connman maintainer.

CVE-2021-33833

Found by Mike Evdokimov at Digital Security.

The issue affects the dnsproxy component in releases 1.32 to 1.39 of connman.

Unpacking of NAME and RDATA/RDLENGTH fields with TYPE A/AAAA in the uncompress
function uses a memcpy with insufficient bounds checking, which can overflow
a stack buffer.

The researcher has written a POC; it works with stack overflow heuristics and PIE disabled,
so stack overflow protection seems to mitigate it.

Attached is 0001-dnsproxy-Check-the-length-of-buffers-before-memcpy.patch by
r.alyautdin@...russia.ru, which will be used by the upstream connman team.

Note that it touches the same function and piece of code as a previous CVE in connman;
the earlier fix was apparently not complete.

Ciao, Marcus

View attachment "0001-dnsproxy-Check-the-length-of-buffers-before-memcpy.patch" of type "text/x-patch" (1802 bytes)
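The bug class the advisory describes (RDLENGTH taken from the packet and used to size a memcpy into a fixed buffer), shown as an added C example that is not connman's code and not the attached patch: a minimal DNS resource-record unpacker with the unchecked pattern beside a bounded version. The `struct dns_rr` layout, the `check_record` builder, the owner name `a.example`, the TTL and the sample addresses are constructed for this example.

```c
/* Added example, not connman's code: a minimal DNS resource-record unpacker that
 * shows the unchecked memcpy pattern the advisory describes next to a bounded one. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_TYPE_A    1
#define DNS_TYPE_AAAA 28

struct dns_rr {
    char     name[256];  /* owner name, uncompressed, dotted */
    uint16_t type;
    uint16_t rdlength;
    uint8_t  rdata[16];  /* fits an A (4 bytes) or AAAA (16 bytes) address */
};

static uint16_t get16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Uncompress the NAME at *off into name. Returns 0 and moves *off past the name,
 * or -1 if a label runs off the message, pointers loop, or the name is too long. */
int unpack_name(const uint8_t *msg, size_t len, size_t *off, char *name, size_t name_sz)
{
    size_t pos = *off, out = 0, hops = 0;
    int jumped = 0;
    for (;;) {
        if (pos >= len) return -1;
        uint8_t l = msg[pos];
        if ((l & 0xC0) == 0xC0) {                       /* compression pointer */
            if (pos + 1 >= len || ++hops > 16) return -1;
            if (!jumped) { *off = pos + 2; jumped = 1; }
            pos = ((size_t)(l & 0x3F) << 8) | msg[pos + 1];
            continue;
        }
        if (l & 0xC0) return -1;                        /* reserved label types */
        pos++;
        if (l == 0) break;                              /* root label: done */
        if (l > len - pos || out + l + 2 > name_sz) return -1;
        if (out) name[out++] = '.';
        memcpy(name + out, msg + pos, l);
        out += l; pos += l;
    }
    name[out] = '\0';
    if (!jumped) *off = pos;
    return 0;
}

/* The bug class: RDLENGTH sizes a memcpy into a fixed buffer with no check against
 * the message length or sizeof rdata. Kept for comparison; never run on untrusted input. */
int rr_unpack_unchecked(const uint8_t *msg, size_t len, size_t off, struct dns_rr *rr)
{
    if (unpack_name(msg, len, &off, rr->name, sizeof rr->name) < 0) return -1;
    rr->type = get16(msg + off);                 /* TYPE(2) CLASS(2) TTL(4) RDLENGTH(2) */
    rr->rdlength = get16(msg + off + 8);
    off += 10;
    if (rr->type == DNS_TYPE_A || rr->type == DNS_TYPE_AAAA)
        memcpy(rr->rdata, msg + off, rr->rdlength);  /* rdlength > 16 overruns rdata */
    return 0;
}

/* Bounded version: the fixed RR header must fit, RDATA must lie inside the message,
 * and for A/AAAA RDLENGTH must equal the address size, all before anything is copied. */
int rr_unpack_checked(const uint8_t *msg, size_t len, size_t off, struct dns_rr *rr)
{
    if (unpack_name(msg, len, &off, rr->name, sizeof rr->name) < 0) return -1;
    if (len - off < 10) return -1;
    rr->type = get16(msg + off);
    rr->rdlength = get16(msg + off + 8);
    off += 10;
    if (rr->rdlength > len - off) return -1;
    if (rr->type == DNS_TYPE_A || rr->type == DNS_TYPE_AAAA) {
        size_t want = rr->type == DNS_TYPE_A ? 4 : 16;
        if (rr->rdlength != want) return -1;
        memcpy(rr->rdata, msg + off, want);
    }
    return 0;
}

/* Build a constructed record (owner "a.example", CLASS IN, TTL 60) whose RDLENGTH
 * field and actual payload may disagree, then run the bounded unpacker on it.
 * Returns 0 if accepted, -1 if rejected; rr may be NULL when only the verdict matters. */
int check_record(uint16_t type, uint16_t rdlength, const uint8_t *payload,
                 size_t payload_len, struct dns_rr *rr)
{
    static const uint8_t name[] = { 1, 'a', 7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 0 };
    uint8_t hdr[10] = { type >> 8, type & 0xFF, 0, 1, 0, 0, 0, 60, rdlength >> 8, rdlength & 0xFF };
    uint8_t msg[512];
    struct dns_rr local;
    size_t n = sizeof name + sizeof hdr + payload_len;
    if (n > sizeof msg) return -1;
    memcpy(msg, name, sizeof name);
    memcpy(msg + sizeof name, hdr, sizeof hdr);
    memcpy(msg + sizeof name + sizeof hdr, payload, payload_len);
    return rr_unpack_checked(msg, n, 0, rr ? rr : &local);
}

int main(void)
{
    struct dns_rr rr;
    int rc = check_record(DNS_TYPE_A, 4, (const uint8_t[]){ 192, 0, 2, 1 }, 4, &rr);
    printf("A/4: rc=%d %s %u.%u.%u.%u\n", rc, rr.name, rr.rdata[0], rr.rdata[1], rr.rdata[2], rr.rdata[3]);
    printf("A/64 (would overrun rdata[16] if unchecked): rc=%d\n",
           check_record(DNS_TYPE_A, 64, (const uint8_t[64]){ 0 }, 64, NULL));
    printf("AAAA/16 with only 8 bytes present: rc=%d\n",
           check_record(DNS_TYPE_AAAA, 16, (const uint8_t[8]){ 0 }, 8, NULL));
    return 0;
}
```

The two rejections correspond to the two checks a parser needs in front of the copy: RDLENGTH bounded by what remains of the message, and, for the fixed-size A/AAAA types, RDLENGTH equal to the destination size rather than merely no larger than the buffer. Checking only the first still lets a 64-byte "A" record through; checking only the second still reads past the end of a truncated packet.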
