Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

oob write in set_mem_access arch/AArch64/AArch64InstPrinter.c:73 #600

Closed
alvarofe opened this issue Mar 6, 2016 · 5 comments
Closed

oob write in set_mem_access arch/AArch64/AArch64InstPrinter.c:73 #600

alvarofe opened this issue Mar 6, 2016 · 5 comments

Comments

@alvarofe
Copy link
Contributor

@alvarofe alvarofe commented Mar 6, 2016

@revskills has been fuzzing r2 and he found an issue in capstone

radareorg/radare2#4234

@aquynh
Copy link
Owner

@aquynh aquynh commented Mar 7, 2016

merged, thanks for the fix!

@aquynh aquynh closed this Mar 7, 2016
@ghost
Copy link

@ghost ghost commented Mar 15, 2016

Mitre has assigned CVE-2016-3160 for this issue

@aquynh
Copy link
Owner

@aquynh aquynh commented Mar 16, 2016

this is so cool! any links to this CVE yet?

just to clarify: this bug was in a very new commit to provide explicit register access for ARM64 arch, and it was there only about 2 week until it was detected. in addition, this is only in the "next" branch, which is still under development, so the number of people get affected is minimal.

thanks.

@AriEi4
Copy link

@AriEi4 AriEi4 commented Sep 14, 2016

@revskills Are you sure that Mitre assigned CVE-2016-3160 for this?

According to their website the CVE is still reserved and not in use -
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3160

@ghost
Copy link

@ghost ghost commented Sep 14, 2016

Yes, ask Mitre or someone using their feed.

On Wednesday, 14 September 2016, AriEi4 notifications@github.com wrote:

@revskills https://github.com/revskills Are you sure that Mitre
assigned CVE-2016-3160 for this?

According to their website the CVE is still reserved and not in use -
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3160


You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#600 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/ACV1Tn1-1tMsqwfvc_pGTNt6oyHs1_uXks5qp_KtgaJpZM4HqYyt
.

Francisco Alonso.
http://twitter.com/revskills

PGP: 0xE2E64DCA

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants
You can’t perform that action at this time.