out-of-bounds read in search_make_new() #332
@asn-the-goblin-slayer Is the resolv.conf still to be attached?

Sure @Patraulea. I attach all relevant files from Guido. Hopefully they are of use.

@asn-the-goblin-slayer thanks again for a detailed report! Fixed.

This was assigned CVE-2016-10197:
BrendanCunningham pushed a commit to BrendanCunningham/ompi that referenced this issue Jul 26, 2022
…i#10542.
CVE: https://nvd.nist.gov/vuln/detail/CVE-2016-10195
libevent issue: libevent dns remote stack overread vulnerability libevent/libevent#317
libevent fixing commit: libevent/libevent@96f64a0
CVE: https://nvd.nist.gov/vuln/detail/CVE-2016-10196
libevent issue: libevent (stack) buffer overflow in evutil_parse_sockaddr_port() libevent/libevent#318
libevent fixing commit: libevent/libevent@329acc1
CVE: https://nvd.nist.gov/vuln/detail/CVE-2016-10197
libevent issue: out-of-bounds read in search_make_new() libevent/libevent#332
libevent fixing commit: libevent/libevent@ec65c42
Signed-off-by: Brendan Cunningham <bcunningham@cornelisnetworks.com>
jsquyres pushed a commit to BrendanCunningham/ompi that referenced this issue Sep 22, 2022
Here follows a bug report by Guido Vranken via the Tor bug bounty program. Please credit Guido accordingly.
Bug report
The DNS code of Libevent contains this rather obvious OOB read:
If the length of base_name is 0, then line 3125 reads 1 byte before the buffer. This will trigger a crash on ASAN-protected builds.
To reproduce:
Build libevent with ASAN:
Put the attached resolv.conf and poc.c in the source directory and then do:
This happens because I create a zero-length string in poc.c:
If you uncomment the last line, it will not crash.
Guido
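The failure mode described in the report, reduced to a stand-alone C sketch: checking the last character of a name whose length can be 0, next to a form that validates the length first. This is an added example, not libevent's source and not the poc.c from the report; the function names and the example.com input are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked pattern from the report: for "" base_len - 1 wraps around and
 * the read lands one byte before the buffer. Never call this with "". */
static int needs_dot_unchecked(const char *base_name)
{
	const size_t base_len = strlen(base_name);
	return base_name[base_len - 1] == '.' ? 0 : 1;
}

/* Checked form: reject a zero-length name before indexing base_len - 1. */
static int needs_dot_checked(const char *base_name, int *need_dot)
{
	const size_t base_len = strlen(base_name);
	if (base_len == 0)
		return -1;
	*need_dot = base_name[base_len - 1] == '.' ? 0 : 1;
	return 0;
}

/* Hypothetical caller: joins name and search domain with exactly one dot.
 * Returns a malloc'd string, or NULL for an empty name or failed malloc. */
static char *join_search_domain(const char *base_name, const char *domain)
{
	const size_t base_len = strlen(base_name), dom_len = strlen(domain);
	int need_dot;
	char *out;
	if (needs_dot_checked(base_name, &need_dot) != 0)
		return NULL;
	out = malloc(base_len + (size_t)need_dot + dom_len + 1);
	if (!out)
		return NULL;
	memcpy(out, base_name, base_len);
	if (need_dot)
		out[base_len] = '.';
	memcpy(out + base_len + need_dot, domain, dom_len + 1);
	return out;
}

int main(void)
{
	char *s = join_search_domain("www", "example.com"); /* constructed input */
	printf("%d %s %p\n", needs_dot_unchecked("www."), s ? s : "(null)",
	       (void *)join_search_domain("", "example.com"));
	free(s);
	return 0;
}
```

Building with -fsanitize=address and passing "" to needs_dot_unchecked() is the quickest way to see the class of report ASAN produces for this pattern.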