libfsclfs_block.c:742 1 byte OOB read #3
Comments
This vulnerability has been assigned as CVE-2018-15157.
This project is pre-alpha status and does not support network. Please correct your impact assessment.
Regarding filing CVE for this, read libyal/libevt#5. And make sure your report is accurate, otherwise it's a waste of people's time and resources. Seeing, based on your report, the bug appears to be an OOB read of 1 byte.
BTW, could you send me actual proof of these claims about actual crashes, such as core files, and which compiler / platform the binary was built with?
Your POC does not crash, it is not even accepted as valid input. So this would not lead to any hypothetical denial of service since your proof of concept file would not be accepted as valid input in the first place.
@seeutonight friendly ping, are you going to provide proof to back your claims of your impact assessment?
Marking as:
OOB read addressed in 7865021
The libfsclfs_block_read function in libfsclfs_block.c:742 in libfsclfs allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted clfs file.
poc.zip