New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

oob write in set_mem_access arch/AArch64/AArch64InstPrinter.c:73 #600

Closed
alvarofe opened this Issue Mar 6, 2016 · 5 comments

Comments

Projects
None yet
3 participants
@alvarofe
Contributor

alvarofe commented Mar 6, 2016

@revskills has been fuzzing r2 and he found an issue in capstone

radare/radare2#4234

@aquynh

This comment has been minimized.

Show comment
Hide comment
@aquynh

aquynh Mar 7, 2016

Owner

merged, thanks for the fix!

Owner

aquynh commented Mar 7, 2016

merged, thanks for the fix!

@aquynh aquynh closed this Mar 7, 2016

@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost Mar 15, 2016

Mitre has assigned CVE-2016-3160 for this issue

ghost commented Mar 15, 2016

Mitre has assigned CVE-2016-3160 for this issue

@aquynh

This comment has been minimized.

Show comment
Hide comment
@aquynh

aquynh Mar 16, 2016

Owner

this is so cool! any links to this CVE yet?

just to clarify: this bug was in a very new commit to provide explicit register access for ARM64 arch, and it was there only about 2 week until it was detected. in addition, this is only in the "next" branch, which is still under development, so the number of people get affected is minimal.

thanks.

Owner

aquynh commented Mar 16, 2016

this is so cool! any links to this CVE yet?

just to clarify: this bug was in a very new commit to provide explicit register access for ARM64 arch, and it was there only about 2 week until it was detected. in addition, this is only in the "next" branch, which is still under development, so the number of people get affected is minimal.

thanks.

@AriEi4

This comment has been minimized.

Show comment
Hide comment
@AriEi4

AriEi4 Sep 14, 2016

@revskills Are you sure that Mitre assigned CVE-2016-3160 for this?

According to their website the CVE is still reserved and not in use -
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3160

AriEi4 commented Sep 14, 2016

@revskills Are you sure that Mitre assigned CVE-2016-3160 for this?

According to their website the CVE is still reserved and not in use -
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3160

@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost Sep 14, 2016

Yes, ask Mitre or someone using their feed.

On Wednesday, 14 September 2016, AriEi4 notifications@github.com wrote:

@revskills https://github.com/revskills Are you sure that Mitre
assigned CVE-2016-3160 for this?

According to their website the CVE is still reserved and not in use -
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3160


You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#600 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/ACV1Tn1-1tMsqwfvc_pGTNt6oyHs1_uXks5qp_KtgaJpZM4HqYyt
.

Francisco Alonso.
http://twitter.com/revskills

PGP: 0xE2E64DCA

ghost commented Sep 14, 2016

Yes, ask Mitre or someone using their feed.

On Wednesday, 14 September 2016, AriEi4 notifications@github.com wrote:

@revskills https://github.com/revskills Are you sure that Mitre
assigned CVE-2016-3160 for this?

According to their website the CVE is still reserved and not in use -
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3160


You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#600 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/ACV1Tn1-1tMsqwfvc_pGTNt6oyHs1_uXks5qp_KtgaJpZM4HqYyt
.

Francisco Alonso.
http://twitter.com/revskills

PGP: 0xE2E64DCA

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment