Incorrect use of network_share_name_offset for device_name in liblnk_location_information.c #38
Comments
thx, I'll have a more detailed look when time permits. Judging by the code path it could be an out-of-bounds read that ASAN is flagging. What are your exact compiler flags?
Thanks for looking into this. Below are my flags for compilation and make.
This is an OOB read of 1, mainly triggered because ASAN is being strict about this. I'll address the issue. POCs are not considered valid files and hit other safeguards. Yet another example of MITRE CVE failing to do due diligence. Also see: https://nvd.nist.gov/vuln/detail/CVE-2019-17264
The underlying issue is logical in nature: network_share_name_offset is used but this should be device_name_offset. Marking as bug solely for this reason. Seeing the POCs are considered invalid to begin with, this is mainly an issue with little/no impact.
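As an added illustration of the kind of bounds check that turns a one-byte over-read like the one described above into a rejected file, the C below is example code written for this page, not liblnk's own code. The block layout, the `HEADER_SIZE` constant and the function names are assumptions made for the example; only the two offset field names come from the thread. Each string is resolved through its own offset field, and the string lookup is bounded by the bytes remaining in the block, so a missing terminator is reported rather than read past the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical block layout for this example (an assumption, not liblnk's
 * real structure): three little-endian uint32 header fields, then string data.
 *   [0..3]  size of the whole block, including this header
 *   [4..7]  device_name_offset
 *   [8..11] network_share_name_offset
 * Both strings are NUL-terminated and must lie entirely inside the block. */
#define HEADER_SIZE 12u

typedef struct {
    int device_name_length;        /* -1 when missing or out of bounds */
    int network_share_name_length; /* -1 when missing or out of bounds */
} location_info_t;

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8)
         | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Length of the NUL-terminated string starting at `offset`, or -1 if the
 * offset lands outside the block or the terminator is not inside it.
 * memchr is bounded by the bytes that remain, so the lookup can never touch
 * the byte just past the block, which is the 1-byte over-read ASAN reports
 * when a string runs to the very end of an allocation. */
static int bounded_string_length(const uint8_t *data, size_t size, uint32_t offset)
{
    if (offset < HEADER_SIZE || offset >= size)
        return -1;
    const uint8_t *start = data + offset;
    const uint8_t *nul = memchr(start, '\0', size - offset);
    if (nul == NULL)
        return -1;
    return (int)(nul - start);
}

/* Parse the block. Each string is resolved through its own offset field;
 * the logic bug discussed in this issue is using one field for both.
 * Returns 0 on success, -1 if the block is malformed. */
int parse_location_information(const uint8_t *data, size_t size, location_info_t *out)
{
    out->device_name_length = -1;
    out->network_share_name_length = -1;
    if (data == NULL || size < HEADER_SIZE)
        return -1;
    /* The declared size must match the buffer actually handed to us. */
    if (read_le32(data) != size)
        return -1;
    uint32_t device_name_offset = read_le32(data + 4);
    uint32_t network_share_name_offset = read_le32(data + 8);

    out->device_name_length = bounded_string_length(data, size, device_name_offset);
    out->network_share_name_length = bounded_string_length(data, size, network_share_name_offset);
    if (out->device_name_length < 0 || out->network_share_name_length < 0)
        return -1;
    return 0;
}

/* Constructed sample: well-formed block, "C:" at offset 12, "\\srv\share" at 15. */
const uint8_t WELL_FORMED_BLOCK[27] = {
    0x1b, 0x00, 0x00, 0x00,  /* size = 27 */
    0x0c, 0x00, 0x00, 0x00,  /* device_name_offset = 12 */
    0x0f, 0x00, 0x00, 0x00,  /* network_share_name_offset = 15 */
    'C', ':', 0,
    '\\', '\\', 's', 'r', 'v', '\\', 's', 'h', 'a', 'r', 'e', 0
};

/* Constructed sample: the same block cut one byte short, so the share name's
 * terminating NUL is missing. A naive strlen() here reads one byte past the
 * buffer; the bounded parser rejects the block instead. */
const uint8_t TRUNCATED_BLOCK[26] = {
    0x1a, 0x00, 0x00, 0x00,  /* size = 26 */
    0x0c, 0x00, 0x00, 0x00,
    0x0f, 0x00, 0x00, 0x00,
    'C', ':', 0,
    '\\', '\\', 's', 'r', 'v', '\\', 's', 'h', 'a', 'r', 'e'
};

int main(void)
{
    location_info_t info;
    int rc = parse_location_information(WELL_FORMED_BLOCK, sizeof WELL_FORMED_BLOCK, &info);
    printf("well-formed: rc=%d device=%d share=%d\n",
           rc, info.device_name_length, info.network_share_name_length);
    rc = parse_location_information(TRUNCATED_BLOCK, sizeof TRUNCATED_BLOCK, &info);
    printf("truncated:   rc=%d device=%d share=%d\n",
           rc, info.device_name_length, info.network_share_name_length);
    return 0;
}
```

The same parser compiled with `-fsanitize=address` stays quiet on the truncated sample, because the check fails before any read reaches the end of the allocation; that is the behaviour a fuzzing harness should expect from a format parser once offsets are validated against the block size.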
Addressed in c4d04de
And again NVD showing their incompetence as well: https://nvd.nist.gov/vuln/detail/CVE-2019-17264
So the NVD assessment is complete BS, as multiple times before. Again, it is highly ironic that organizations that want to improve the security of existing code bases are run as a complete shit show.
As I understand from issue #13 the bug was patched in commit 63b54a3, but while fuzzing lnkinfo from the master branch I still encounter this issue. I compiled liblnk with gcc and g++ enabling ASAN; the fuzzing results showed me a heap-buffer-overflow in liblnk_location_information.c. ASAN:

I've attached poc.zip for reference. I also observed the program doesn't return me any SEGFAULT when I passed the above corpus (disabling ASAN). Request maintainer to please have a look or suggest if I am missing something here.