OSV-2021-417.yaml

id: OSV-2021-417
summary: Heap-use-after-free in __cil_verify_classperms
details: |
  OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065

  ```
  Crash type: Heap-use-after-free READ 8
  Crash state:
  __cil_verify_classperms
  __cil_verify_classpermission
  __cil_pre_verify_helper
  ```
modified: '2022-04-13T03:04:42.307147Z'
published: '2021-02-19T00:00:51.127847Z'
references:
- type: REPORT
  url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065
affected:
- package:
    name: selinux
    ecosystem: OSS-Fuzz
  ranges:
  - type: GIT
    repo: https://github.com/SELinuxProject/selinux
    events:
    - introduced: 0451adebdf153eee1f69914141311114a0130982
    - fixed: f34d3d30c8325e4847a6b696fe7a3936a8a361f3
  versions:
  - '3.2'
  - 3.2-rc3
  - checkpolicy-3.2
  - checkpolicy-3.2-rc3
  - libselinux-3.2
  - libselinux-3.2-rc3
  - libsemanage-3.2
  - libsemanage-3.2-rc3
  - libsepol-3.2
  - libsepol-3.2-rc3
  - mcstrans-3.2
  - mcstrans-3.2-rc3
  - policycoreutils-3.2
  - policycoreutils-3.2-rc3
  - restorecond-3.2
  - restorecond-3.2-rc3
  - secilc-3.2
  - secilc-3.2-rc3
  - selinux-dbus-3.2
  - selinux-dbus-3.2-rc3
  - selinux-gui-3.2
  - selinux-gui-3.2-rc3
  - selinux-python-3.2
  - selinux-python-3.2-rc3
  - selinux-sandbox-3.2
  - selinux-sandbox-3.2-rc3
  - semodule-utils-3.2
  - semodule-utils-3.2-rc3
  ecosystem_specific:
    severity: HIGH