Server may crash parsing wrong or truncated BLR [CORE2576] #2986
Labels
affect-version: 1.5.4
affect-version: 1.5.5
affect-version: 2.0.0
affect-version: 2.0.1
affect-version: 2.0.2
affect-version: 2.0.3
affect-version: 2.0.4
affect-version: 2.0.5
affect-version: 2.1.0
affect-version: 2.1.1
affect-version: 2.1.2
affect-version: 2.5 Alpha 1
affect-version: 2.5 Beta 1
component: engine
fix-version: 2.5 RC1
priority: major
qa: cannot be tested
type: bug
Submitted by: @asfernandes
BLR is read into a buffer and passed for parsing without informing a length. The BLR is parsed until a blr_eoc is found.
If the buffer doesn't end with blr_eoc, the parser will continue reading unallocated memory. If it reads some byte in a non-committed memory page, a read access violation will occur and the server will crash.
Commits: 4759973
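One way to guard against the failure described in this issue is to give the parser the buffer length, so that a missing terminator becomes a parse error instead of a read past the allocation. The C sketch below is an added example, not Firebird's code and not the change in the referenced commit; the toy opcodes and the names `parse_toy_blr` and `reader` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy opcodes constructed for this sketch; not Firebird's real BLR encoding. */
enum { TOY_NOP = 1, TOY_LITERAL = 2, TOY_EOC = 76 };
typedef enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_BAD_OPCODE = -2 } parse_status;

/* Cursor that carries the end of the buffer, so every read can be checked. */
typedef struct { const uint8_t *pos; const uint8_t *end; } reader;
/* Fetch one byte; returns 0 at end of buffer instead of reading past it. */
static int get_byte(reader *r, uint8_t *out)
{
    if (r->pos >= r->end) return 0;
    *out = *r->pos++;
    return 1;
}

/* Parse up to the terminator; on PARSE_OK, *used is the number of bytes consumed. */
parse_status parse_toy_blr(const uint8_t *buf, size_t len, size_t *used)
{
    reader r = { buf, buf + len };
    uint8_t op, n;
    for (;;) {
        if (!get_byte(&r, &op)) return PARSE_TRUNCATED;   /* ran out before terminator */
        switch (op) {
        case TOY_EOC:
            *used = (size_t)(r.pos - buf);
            return PARSE_OK;
        case TOY_NOP:
            break;
        case TOY_LITERAL:                                 /* 1-byte length, then data */
            if (!get_byte(&r, &n)) return PARSE_TRUNCATED;
            if ((size_t)(r.end - r.pos) < n) return PARSE_TRUNCATED;
            r.pos += n;                                   /* data is skipped, not scanned */
            break;
        default:
            return PARSE_BAD_OPCODE;
        }
    }
}

int main(void)
{
    /* Constructed input: the last byte is literal data, so no terminator follows. */
    const uint8_t cut[] = { TOY_NOP, TOY_LITERAL, 2, 0xAA, TOY_EOC };
    size_t used = 0;
    printf("status=%d\n", parse_toy_blr(cut, sizeof cut, &used));
    return 0;
}
```

A parser that only scans for the terminator byte would accept the constructed input in `main`, because the final byte equals the terminator value even though it belongs to the literal's data.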