Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

oob write in set_mem_access arch/AArch64/AArch64InstPrinter.c:73 #600

Closed
alvarofe opened this issue Mar 6, 2016 · 5 comments
Closed

oob write in set_mem_access arch/AArch64/AArch64InstPrinter.c:73 #600

alvarofe opened this issue Mar 6, 2016 · 5 comments

Comments

@alvarofe
Copy link
Contributor

alvarofe commented Mar 6, 2016

@revskills has been fuzzing r2 and he found an issue in capstone

radareorg/radare2#4234
@alvarofe alvarofe mentioned this issue Mar 6, 2016
Merged
@aquynh
Copy link
Collaborator

aquynh commented Mar 7, 2016

merged, thanks for the fix!

@aquynh aquynh closed this as completed Mar 7, 2016
@ghost
Copy link

ghost commented Mar 15, 2016

Mitre has assigned CVE-2016-3160 for this issue

@aquynh
Copy link
Collaborator

aquynh commented Mar 16, 2016

this is so cool! any links to this CVE yet?

just to clarify: this bug was in a very new commit to provide explicit register access for ARM64 arch, and it was there only about 2 week until it was detected. in addition, this is only in the "next" branch, which is still under development, so the number of people get affected is minimal.

thanks.

@AriEi4
Copy link

AriEi4 commented Sep 14, 2016

@revskills Are you sure that Mitre assigned CVE-2016-3160 for this?

According to their website the CVE is still reserved and not in use -
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3160

@ghost
Copy link

ghost commented Sep 14, 2016

Yes, ask Mitre or someone using their feed.

On Wednesday, 14 September 2016, AriEi4 notifications@github.com wrote:

@revskills https://github.com/revskills Are you sure that Mitre
assigned CVE-2016-3160 for this?

According to their website the CVE is still reserved and not in use -
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3160


You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#600 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/ACV1Tn1-1tMsqwfvc_pGTNt6oyHs1_uXks5qp_KtgaJpZM4HqYyt
.

Francisco Alonso.
http://twitter.com/revskills

PGP: 0xE2E64DCA

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@alvarofe @aquynh @AriEi4