New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[dlt-sortbytimestamp crash] Unreadable memory reference in my opinion #436
Comments
Fixes COVESA#436 Signed-off-by: Michael Methner <mmethner@de.adit-jv.com>
Hello @zj3t , thanks for reporting the issue. I have opened a PR. |
Thanks @michael-methner :) Also can you allow me to get a CVE? |
Hello @zj3t , For sure you can get a CVE. |
Thanks @michael-methner :) |
FYI, this was assigned CVE-2023-36321. (I did not assign the CVE, I'm just a messanger who noticed it while triaging recently published CVEs) |
Hi COVESA Team!
Contact us to report vulnerabilities.
Summary
I done dlt-sortbytimestamp(+dlt-* binary) source code auditing .
And found that the exception handling was insufficient.
Since I'm not familiar with the dlt structure, I created a simple fuzzer to fuzzing the dlt-sortbytimestamp binary.
And I found a crash, and added ASAN (Address Sanitizer) to get additional information.
Bug Log
In my opinion, when the pointer is moved in the fseek() function, the crash occurs because it is moved to a place that cannot be referenced.
Or, Maybe it's caused by size tampering in the header of the DLT file.
But I don't know the detailed information of the DLT file.
[crash.dlt]
[output.dlt]
Looking at the output file, it was confirmed that it terminated in the middle.
Files
I will attach it.
covesa.zip
It may not be a big deal, it may be a bug (vulnerability), but I am reporting it because I hope you guys will fix it.
Thanks :)
The text was updated successfully, but these errors were encountered: