[dlt-sortbytimestamp crash] Unreadable memory reference in my opinion #436
Comments
michael-methner
pushed a commit
to michael-methner/dlt-daemon
that referenced
this issue
Jan 27, 2023
Fixes COVESA#436 Signed-off-by: Michael Methner <mmethner@de.adit-jv.com>
|
Hello @zj3t , thanks for reporting the issue. I have opened a PR. |
|
Thanks @michael-methner :) Also can you allow me to get a CVE? |
|
Hello @zj3t , For sure you can get a CVE. |
|
Thanks @michael-methner :) |
|
FYI, this was assigned CVE-2023-36321. (I did not assign the CVE, I'm just a messanger who noticed it while triaging recently published CVEs) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi COVESA Team!
Contact us to report vulnerabilities.
Summary
I done dlt-sortbytimestamp(+dlt-* binary) source code auditing .
And found that the exception handling was insufficient.
Since I'm not familiar with the dlt structure, I created a simple fuzzer to fuzzing the dlt-sortbytimestamp binary.
And I found a crash, and added ASAN (Address Sanitizer) to get additional information.
Bug Log
In my opinion, when the pointer is moved in the fseek() function, the crash occurs because it is moved to a place that cannot be referenced.
Or, Maybe it's caused by size tampering in the header of the DLT file.
But I don't know the detailed information of the DLT file.
[crash.dlt]
[output.dlt]
Looking at the output file, it was confirmed that it terminated in the middle.
Files
I will attach it.
covesa.zip
It may not be a big deal, it may be a bug (vulnerability), but I am reporting it because I hope you guys will fix it.
Thanks :)
The text was updated successfully, but these errors were encountered: