read-heap-buffer-overflow in ares_parse_soa_reply() #333

Closed
ltx2018 opened this issue May 21, 2020 · 6 comments

Comments

@ltx2018
Contributor

ltx2018 commented May 21, 2020

We found a read-heap-buffer-overflow by fuzzing the c-ares master branch.
[screenshot]

Length unchecked before reading aptr.
[screenshot]
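The report above boils down to one missing bounds check: the parser read the fixed SOA fields through the cursor `aptr` without first confirming that enough bytes remained in the answer buffer. The following is an added, self-contained illustration written for this thread, not c-ares code: it parses the five fixed 32-bit SOA fields (serial, refresh, retry, expire, minimum) from a constructed buffer, using an explicit "remaining bytes" check before any read so that a truncated or malformed reply is rejected instead of read past its end. In a real DNS answer the MNAME and RNAME domain names precede these fields and the cursor is wherever name decoding left it, which is why the check must be made against the real end of the answer buffer rather than against an assumed record size. All names and the sample bytes below are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical holder for the fixed SOA RDATA fields (RFC 1035 section 3.3.13). */
struct soa_fields {
    uint32_t serial, refresh, retry, expire, minimum;
};

/* The five fixed fields occupy 5 * 4 = 20 bytes on the wire. */
#define SOA_FIXED_LEN 20u

/* Big-endian 32-bit read; the caller guarantees 4 bytes are available. */
static uint32_t read_u32be(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Hardened parse of the fixed SOA fields.
 * abuf/alen: the whole answer buffer and its length.
 * off: byte offset of the cursor inside abuf (where the names ended).
 * Returns 0 on success, -1 if fewer than SOA_FIXED_LEN bytes remain. */
int parse_soa_fixed(const unsigned char *abuf, size_t alen, size_t off,
                    struct soa_fields *out)
{
    /* This is the check the bug report says was missing: never read
     * through the cursor until the remaining length has been verified. */
    if (off > alen || alen - off < SOA_FIXED_LEN)
        return -1;

    const unsigned char *aptr = abuf + off;
    out->serial  = read_u32be(aptr);
    out->refresh = read_u32be(aptr + 4);
    out->retry   = read_u32be(aptr + 8);
    out->expire  = read_u32be(aptr + 12);
    out->minimum = read_u32be(aptr + 16);
    return 0;
}

/* Constructed sample: serial 0x01020304, refresh 3600, retry 900,
 * expire 864000, minimum 60, already big-endian encoded. */
static const unsigned char SAMPLE_SOA[SOA_FIXED_LEN] = {
    0x01, 0x02, 0x03, 0x04,   /* serial  */
    0x00, 0x00, 0x0e, 0x10,   /* refresh */
    0x00, 0x00, 0x03, 0x84,   /* retry   */
    0x00, 0x0d, 0x2f, 0x00,   /* expire  */
    0x00, 0x00, 0x00, 0x3c    /* minimum */
};

/* A complete record parses and decodes correctly. */
int sample_full_ok(void)
{
    struct soa_fields f;
    return parse_soa_fixed(SAMPLE_SOA, sizeof SAMPLE_SOA, 0, &f) == 0 &&
           f.serial == 0x01020304u && f.refresh == 3600u &&
           f.retry == 900u && f.expire == 864000u && f.minimum == 60u;
}

/* The same bytes with a shorter advertised length are rejected, not read past. */
int sample_truncated_rejected(void)
{
    struct soa_fields f;
    return parse_soa_fixed(SAMPLE_SOA, 12, 0, &f) == -1;
}

/* A cursor that leaves fewer than 20 bytes before the buffer end is rejected. */
int sample_offset_rejected(void)
{
    struct soa_fields f;
    return parse_soa_fixed(SAMPLE_SOA, sizeof SAMPLE_SOA, 4, &f) == -1;
}

int main(void)
{
    printf("full record ok:      %d\n", sample_full_ok());
    printf("truncated rejected:  %d\n", sample_truncated_rejected());
    printf("bad offset rejected: %d\n", sample_offset_rejected());
    return 0;
}
```

The check is written as `alen - off < SOA_FIXED_LEN` after confirming `off <= alen`, rather than as `aptr + 20 > abuf + alen`, so it cannot itself overflow or form an out-of-range pointer; a fuzzer harness feeding truncated replies into `parse_soa_fixed` exercises exactly the path the original report hit.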

@ltx2018
Contributor Author

ltx2018 commented May 21, 2020

#332

bradh352 pushed a commit that referenced this issue May 22, 2020
Fix invalid read in ares_parse_soa_reply.c found during fuzzing

Fixes Bug: #333 
Fix By: lutianxiong (@ltx2018)
@bradh352
Member

fixed by #332

eriklax pushed a commit to halon/c-ares that referenced this issue Aug 22, 2020
Fix invalid read in ares_parse_soa_reply.c found during fuzzing

Fixes Bug: c-ares#333 
Fix By: lutianxiong (@ltx2018)
sergepetrenko pushed a commit to tarantool/c-ares that referenced this issue Jul 29, 2022
Fix invalid read in ares_parse_soa_reply.c found during fuzzing

Fixes Bug: c-ares#333 
Fix By: lutianxiong (@ltx2018)
@cebarks

cebarks commented Aug 28, 2023

FYI this flaw was assigned CVE-2020-22217.

@samueloph

NVD scored it as a critical:
https://nvd.nist.gov/vuln/detail/CVE-2020-22217

Sorry for the mention, but I think this might be of your interest @bagder

@cebarks

cebarks commented Sep 7, 2023

NVD scored it as a critical: https://nvd.nist.gov/vuln/detail/CVE-2020-22217

Unfortunately, NVD scores almost everything a critical 9.8 anymore (usually against the wishes of the developers and other members of the security community). Not to say they should be ignored, but take all of their ratings with a huge dash of salt.

Some more info:

@attritionorg

If this is, indeed, an OOB read, then NVD scored incorrectly in this case. That said, I am not defending NVD as they frequently do not score correctly. That said, I want to point out that one part of CVSS specs says to "Score for the worst". That is one thing that leads to many v2 10 / v3 9.8 scores, especially when a vendor says e.g. "Vulnerability fixed". Without details orgs are forced to score like that, which may be artificially high of course.
