
Stack Overflow in Scanner::EnsureTokensInQueue() #655

Closed
E4ck opened this issue Dec 28, 2018 · 8 comments · Fixed by #807

Comments

@E4ck

E4ck commented Dec 28, 2018

Stack Overflow in Scanner::EnsureTokensInQueue()

position:code

poc

To reproduce: ./parse < crash2.txt

gdb:
Program received signal SIGSEGV, Segmentation fault.
0x0807598e in YAML::Scanner::EnsureTokensInQueue() ()

ASAN:
ASAN:DEADLYSIGNAL
================================================================= ==2258==ERROR: AddressSanitizer: stack-overflow on address 0xbf338fa0 (pc 0x0814e423 bp 0xbf3393c8 sp 0xbf338f90 T0)
#0 0x814e422 (/home/user/yaml-cpp/build/util/parse+0x814e422)
#1 0x816fd48 (/home/user/yaml-cpp/build/util/parse+0x816fd48)
#2 0x8190a72 (/home/user/yaml-cpp/build/util/parse+0x8190a72)
#3 0x81d5061 (/home/user/yaml-cpp/build/util/parse+0x81d5061)
#4 0x81deb85 (/home/user/yaml-cpp/build/util/parse+0x81deb85)
#5 0x81d511a (/home/user/yaml-cpp/build/util/parse+0x81d511a)
#6 0x81deb85 (/home/user/yaml-cpp/build/util/parse+0x81deb85)
#7 0x81d511a (/home/user/yaml-cpp/build/util/parse+0x81d511a)
#8 0x81deb85 (/home/user/yaml-cpp/build/util/parse+0x81deb85)
#9 0x81d511a (/home/user/yaml-cpp/build/util/parse+0x81d511a)
#10 0x81deb85 (/home/user/yaml-cpp/build/util/parse+0x81deb85)
#11 0x81d511a (/home/user/yaml-cpp/build/util/parse+0x81d511a)
......
#245 0x81d511a (/home/eack/yaml-cpp/build/util/parse+0x81d511a)
#246 0x81deb85 (/home/eack/yaml-cpp/build/util/parse+0x81deb85)
#247 0x81d511a (/home/eack/yaml-cpp/build/util/parse+0x81d511a)
#248 0x81deb85 (/home/eack/yaml-cpp/build/util/parse+0x81deb85)
#249 0x81d511a (/home/eack/yaml-cpp/build/util/parse+0x81d511a)
#250 0x81deb85 (/home/eack/yaml-cpp/build/util/parse+0x81deb85)
SUMMARY: AddressSanitizer: stack-overflow (/home/eack/yaml-cpp/build/util/parse+0x814e422) ==2258==ABORTING
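The trace above alternates between two frames until the stack is exhausted, the signature of input-driven recursion without a depth bound. The following is an added example, not the reporter's PoC, yaml-cpp's scanner, or the fix from #807: a toy recursive parser for YAML-style flow sequences (`[a, [b, c]]`) that converts over-deep nesting into a catchable exception instead of a crash. `kMaxDepth`, `ParseSeq`, `MaxNesting` and `RejectsDeepNesting` are names chosen for this example.

```cpp
#include <cstddef>
#include <stdexcept>
#include <string>

// Nesting limit for this example; a real parser sizes it to its stack budget.
constexpr std::size_t kMaxDepth = 64;

struct DepthExceeded : std::runtime_error {
  DepthExceeded() : std::runtime_error("flow sequence nested too deeply") {}
};

// Parses one flow sequence starting at in[pos] == '[' and returns the index
// just past the matching ']'. Every nested '[' recurses with depth + 1; the
// guard turns what would be unbounded recursion into a catchable exception.
static std::size_t ParseSeq(const std::string& in, std::size_t pos,
                            std::size_t depth, std::size_t* max_seen) {
  if (depth > kMaxDepth) throw DepthExceeded();
  if (depth > *max_seen) *max_seen = depth;
  ++pos;  // consume '['
  while (pos < in.size()) {
    if (in[pos] == ']') return pos + 1;
    if (in[pos] == '[') {
      pos = ParseSeq(in, pos, depth + 1, max_seen);
    } else {
      ++pos;  // this toy skips scalars, commas and whitespace
    }
  }
  throw std::runtime_error("unterminated flow sequence");
}

// Returns the deepest nesting level of a document that is a single flow
// sequence, or throws DepthExceeded before the recursion can exhaust the stack.
std::size_t MaxNesting(const std::string& doc) {
  if (doc.empty() || doc[0] != '[') throw std::runtime_error("expected '['");
  std::size_t max_seen = 0;
  ParseSeq(doc, 0, 1, &max_seen);
  return max_seen;
}

// Constructed input: 100000 unmatched '[' characters, the shape of document
// that sends an unguarded recursive parser off the end of its stack.
bool RejectsDeepNesting() {
  const std::string hostile(100000, '[');
  try {
    MaxNesting(hostile);
  } catch (const DepthExceeded&) {
    return true;
  }
  return false;
}
```

Without the `depth > kMaxDepth` check the same input recurses 100000 frames deep and fails exactly as the ASAN report shows; with it, the parser returns a controlled error after 65 frames.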

@carnil

carnil commented Dec 28, 2018

CVE-2018-20573

@Justinzobel

Is there a patch available for this vulnerability?

@NicoleG25

@jbeder, @rdeterre
Was this issue ever addressed? And if so, could you point out in which commit?

Thanks in advance!

@jbeder
Owner

jbeder commented Apr 7, 2020

I just reviewed #807. Sorry for the delay.

@NicoleG25

> I just reviewed #807. Sorry for the delay.

Would you be merging it?
Thanks in advance!

@jbeder
Owner

jbeder commented Apr 8, 2020 via email

@mcandre

mcandre commented Apr 3, 2022

So was this vulnerability patched or what? Unclear.

@jbeder
Owner

jbeder commented Apr 3, 2022

Yes. #807 was merged.

6 participants