Description
1. The libesedb_page_read_values function in libesedb_page.c in libesedb allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted ESEDB file.
esedbexport -m all libesedb_page_read_values
==9809==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62d000008450 at pc 0x0000005fc2e3 bp 0x7ffcdcf21330 sp 0x7ffcdcf21328
READ of size 1 at 0x62d000008450 thread T0
#0 0x5fc2e2 in libesedb_page_read_values /home/xxx/Desktop/afl-of-things/libesedb/libesedb/libesedb_page.c:1248:29
#1 0x5fa6b3 in libesedb_page_read /home/xxx/Desktop/afl-of-things/libesedb/libesedb/libesedb_page.c:779:7
#2 0x5ee496 in libesedb_io_handle_read_page /home/xxx/Desktop/afl-of-things/libesedb/libesedb/libesedb_io_handle.c:264:6
#3 0x650539 in libfdata_vector_get_element_value_by_index /home/xxx/Desktop/afl-of-things/libesedb/libfdata/libfdata_vector.c:1613:7
#4 0x650eaa in libfdata_vector_get_element_value_at_offset /home/xxx/Desktop/afl-of-things/libesedb/libfdata/libfdata_vector.c:1749:6
0x62d000008450 is located 80 bytes to the right of 32768-byte region [0x62d000000400,0x62d000008400)
allocated by thread T0 here:
#0 0x4f0a68 in malloc (/home/xxx/Desktop/afl-of-things/libesedb/esedbtools/esedbexport+0x4f0a68)
#1 0x5f9730 in libesedb_page_read /home/xxx/Desktop/afl-of-things/libesedb/libesedb/libesedb_page.c:373:27
#2 0x5ee496 in libesedb_io_handle_read_page /home/xxx/Desktop/afl-of-things/libesedb/libesedb/libesedb_io_handle.c:264:6
#3 0x650539 in libfdata_vector_get_element_value_by_index /home/xxx/Desktop/afl-of-things/libesedb/libfdata/libfdata_vector.c:1613:7
#4 0x650eaa in libfdata_vector_get_element_value_at_offset /home/xxx/Desktop/afl-of-things/libesedb/libfdata/libfdata_vector.c:1749:6
POC: libesedb_page_read_values
This vulnerability has been assigned CVE-2018-15158.
2. The libesedb_page_read_tags function in libesedb_page.c in libesedb allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted ESEDB file.
esedbexport -m all libesedb_page_read_tags
==9812==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62d0000003ff at pc 0x0000005fb33c bp 0x7ffd89f8c8d0 sp 0x7ffd89f8c8c8
READ of size 1 at 0x62d0000003ff thread T0
#0 0x5fb33b in libesedb_page_read_tags /home/xxx/Desktop/afl-of-things/libesedb/libesedb/libesedb_page.c:948:3
#1 0x5fa63d in libesedb_page_read /home/xxx/Desktop/afl-of-things/libesedb/libesedb/libesedb_page.c:760:7
#2 0x5ee496 in libesedb_io_handle_read_page /home/xxx/Desktop/afl-of-things/libesedb/libesedb/libesedb_io_handle.c:264:6
#3 0x650539 in libfdata_vector_get_element_value_by_index /home/xxx/Desktop/afl-of-things/libesedb/libfdata/libfdata_vector.c:1613:7
#4 0x650eaa in libfdata_vector_get_element_value_at_offset /home/xxx/Desktop/afl-of-things/libesedb/libfdata/libfdata_vector.c:1749:6
0x62d0000003ff is located 1 bytes to the left of 32768-byte region [0x62d000000400,0x62d000008400)
allocated by thread T0 here:
#0 0x4f0a68 in malloc (/home/xxx/Desktop/afl-of-things/libesedb/esedbtools/esedbexport+0x4f0a68)
#1 0x5f9730 in libesedb_page_read /home/xxx/Desktop/afl-of-things/libesedb/libesedb/libesedb_page.c:373:27
#2 0x5ee496 in libesedb_io_handle_read_page /home/xxx/Desktop/afl-of-things/libesedb/libesedb/libesedb_io_handle.c:264:6
#3 0x650539 in libfdata_vector_get_element_value_by_index /home/xxx/Desktop/afl-of-things/libesedb/libfdata/libfdata_vector.c:1613:7
POC: libesedb_page_read_tags
This vulnerability has been assigned CVE-2018-15159.
3. The libesedb_catalog_definition_read function in libesedb_catalog_definition.c in libesedb allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted ESEDB file.
esedbexport -m all libesedb_catalog_definition_read
==9815==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62d000012400 at pc 0x0000004ef8ed bp 0x7ffc8d44a8c0 sp 0x7ffc8d44a070
READ of size 32512 at 0x62d000012400 thread T0
#0 0x4ef8ec in __asan_memcpy (/home/xxx/Desktop/afl-of-things/libesedb/esedbtools/esedbexport+0x4ef8ec)
#1 0x66b011 in libesedb_catalog_definition_read /home/xxx/Desktop/afl-of-things/libesedb/libesedb/libesedb_catalog_definition.c
#2 0x66900a in libesedb_catalog_read /home/xxx/Desktop/afl-of-things/libesedb/libesedb/libesedb_catalog.c:1037:7
#3 0x5e7ff8 in libesedb_file_open_read /home/xxx/Desktop/afl-of-things/libesedb/libesedb/libesedb_file.c:1331:7
#4 0x5e62ae in libesedb_file_open_file_io_handle /home/xxx/Desktop/afl-of-things/libesedb/libesedb/libesedb_file.c:633:6
0x62d000012400 is located 0 bytes to the right of 32768-byte region [0x62d00000a400,0x62d000012400)
allocated by thread T0 here:
#0 0x4f0a68 in malloc (/home/xxx/Desktop/afl-of-things/libesedb/esedbtools/esedbexport+0x4f0a68)
#1 0x5f9730 in libesedb_page_read /home/xxx/Desktop/afl-of-things/libesedb/libesedb/libesedb_page.c:373:27
#2 0x5ee496 in libesedb_io_handle_read_page /home/xxx/Desktop/afl-of-things/libesedb/libesedb/libesedb_io_handle.c:264:6
#3 0x650539 in libfdata_vector_get_element_value_by_index /home/xxx/Desktop/afl-of-things/libesedb/libfdata/libfdata_vector.c:1613:7
#4 0x650eaa in libfdata_vector_get_element_value_at_offset /home/xxx/Desktop/afl-of-things/libesedb/libfdata/libfdata_vector.c:1749:6
POC: libesedb_catalog_definition_read
This vulnerability has been assigned CVE-2018-15160.
4. The libesedb_key_append_data function in libesedb_key.c in libesedb allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted ESEDB file.
esedbexport -m all libesedb_key_append_data
==9818==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62d000008400 at pc 0x0000004ef8ed bp 0x7ffcdb636260 sp 0x7ffcdb635a10
READ of size 8191 at 0x62d000008400 thread T0
#0 0x4ef8ec in __asan_memcpy (/home/xxx/Desktop/afl-of-things/libesedb/esedbtools/esedbexport+0x4ef8ec)
#1 0x5ef039 in libesedb_key_append_data /home/xxx/Desktop/afl-of-things/libesedb/libesedb/libesedb_key.c:307:7
#2 0x5ff086 in libesedb_page_tree_read_page /home/xxx/Desktop/afl-of-things/libesedb/libesedb/libesedb_page_tree.c:1439:7
#3 0x5ffe4d in libesedb_page_tree_read_node /home/xxx/Desktop/afl-of-things/libesedb/libesedb/libesedb_page_tree.c:1722:6
#4 0x62c855 in libfdata_btree_read_node /home/xxx/Desktop/afl-of-things/libesedb/libfdata/libfdata_btree.c:1287:7
0x62d000008400 is located 0 bytes to the right of 32768-byte region [0x62d000000400,0x62d000008400)
allocated by thread T0 here:
#0 0x4f0a68 in malloc (/home/xxx/Desktop/afl-of-things/libesedb/esedbtools/esedbexport+0x4f0a68)
#1 0x5f9730 in libesedb_page_read /home/xxx/Desktop/afl-of-things/libesedb/libesedb/libesedb_page.c:373:27
#2 0x5ee496 in libesedb_io_handle_read_page /home/xxx/Desktop/afl-of-things/libesedb/libesedb/libesedb_io_handle.c:264:6
#3 0x650539 in libfdata_vector_get_element_value_by_index /home/xxx/Desktop/afl-of-things/libesedb/libfdata/libfdata_vector.c:1613:7
#4 0x650eaa in libfdata_vector_get_element_value_at_offset /home/xxx/Desktop/afl-of-things/libesedb/libfdata/libfdata_vector.c:1749:6
POC: libesedb_key_append_data
This vulnerability has been assigned CVE-2018-15161.
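All four reports are the same defect class: a tag offset or size taken from the file is used to address the 32768-byte page buffer (the region in every ASan report) before it is checked against that buffer, so a read lands past the end (reports 1, 3, 4) or before the start (report 2). The following is an added example, not libesedb's code, of a bounds-checked page tag reader; the 40-byte page header and the 4-byte size/offset tag layout are simplifying assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PAGE_SIZE        32768u  /* page buffer size seen in the ASan reports */
#define PAGE_HEADER_SIZE 40u     /* assumed header length for this example */
#define TAG_SIZE         4u      /* assumed: 2-byte size then 2-byte offset */

typedef struct { uint16_t size; uint16_t offset; } page_tag_t;

/* Tags grow backwards from the page end. Slot i must stay inside the page and
 * above the header; otherwise a crafted tag count reads before the buffer. */
static int page_read_tag(const uint8_t *page, size_t page_size, size_t i,
                         page_tag_t *tag)
{
    if (i >= page_size / TAG_SIZE) return 0;
    size_t slot = page_size - (i + 1) * TAG_SIZE;
    if (slot < PAGE_HEADER_SIZE) return 0;
    tag->size   = (uint16_t)(page[slot]     | (page[slot + 1] << 8));
    tag->offset = (uint16_t)(page[slot + 2] | (page[slot + 3] << 8));
    return 1;
}

/* A value is usable only if offset and size both fit in the data area between
 * the header and the tag array. Subtract first so the arithmetic cannot wrap. */
static int page_value_in_bounds(const page_tag_t *tag, size_t page_size,
                                size_t number_of_tags)
{
    size_t tags_area = number_of_tags * TAG_SIZE;
    if (page_size < PAGE_HEADER_SIZE + tags_area) return 0;
    size_t data_size = page_size - PAGE_HEADER_SIZE - tags_area;
    if (tag->offset > data_size) return 0;
    return tag->size <= data_size - tag->offset;
}

/* Copies value 0 out of a constructed 32 KiB page whose single tag carries the
 * given size/offset. Returns bytes copied, or -1 when the tag is rejected. */
int copy_tagged_value(uint16_t size, uint16_t offset, uint8_t *dst, size_t dst_size)
{
    static uint8_t page[PAGE_SIZE];                 /* constructed sample page */
    size_t slot = PAGE_SIZE - TAG_SIZE;             /* tag 0 lives at the end */
    page[slot]     = (uint8_t)size;   page[slot + 1] = (uint8_t)(size >> 8);
    page[slot + 2] = (uint8_t)offset; page[slot + 3] = (uint8_t)(offset >> 8);
    page_tag_t tag;
    if (!page_read_tag(page, PAGE_SIZE, 0, &tag)) return -1;
    if (!page_value_in_bounds(&tag, PAGE_SIZE, 1) || tag.size > dst_size) return -1;
    memcpy(dst, page + PAGE_HEADER_SIZE + tag.offset, tag.size);
    return (int)tag.size;
}
```

With one tag, the data area is 32768 - 40 - 4 = 32724 bytes, so any tag whose offset plus size exceeds that is refused instead of read.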