OOB read of 1 in liblnk_location_information.c#L1090 causes ASAN warning #40
Comments
I'll have a closer look when time permits, but this looks like an OOB read of 1, flagged by ASAN because it is strict by nature. This is definitely no heap buffer overflow since nothing is written.
@c0d3xpl0it can you spend a bit more time analyzing the fuzzer results before making claims next time, thanks in advance.
Appears to have been assigned CVE-2019-17401.
POC is not considered a valid file and hits another safeguard. Yet another example of Mitre CVE failing to do due diligence. Worst case for the POC is an OOB read of 8, but the data read does not appear to be used further since the error path is triggered. So this is mainly an issue with little/no impact.
Below is output with attached POC with old commit: c962bb7 lnkinfo 20191006 (on which I reported the issue).
Below is output with attached POC with latest commit: 6a5ee82 lnkinfo 20191010
@c0d3xpl0it yes, I know. What are you trying to tell me? That adding an additional safeguard prevents ASAN from raising the issue? BTW if you run c962bb7 without ASAN you'll get:
For completeness, since I did not get around to this yet: added an additional safeguard to prevent ASAN detecting an OOB read in 6a5ee82. Closing issue.
And again NVD showing their incompetence as usual https://nvd.nist.gov/vuln/detail/CVE-2019-17401: "Allows disruption of service" WTF?
Heap Buffer Overflow
We found an issue in the lnkinfo binary; lnkinfo is compiled with clang with ASAN enabled.
Machine Setup
Machine : Ubuntu 16.04.3 LTS
gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.11)
Commit : c962bb7
lnkinfo : 20191006
Command : lnkinfo -v POC
POC : POC.zip
ASAN Output
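The kind of safeguard the maintainer refers to, as an added C example that is not liblnk's code: every field of the LinkInfo (location information) header is bounds-checked against the bytes actually present before a parser would follow it, so a truncated file or an offset pointing outside the block is rejected instead of read. It assumes the MS-SHLLINK LinkInfo layout (size, header size, flags, four block-relative offsets); the sample blocks are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Little-endian 32-bit read that never touches a byte at or past `size`:
 * returns 0 on success, -1 if the read would run off the end of the buffer. */
static int read_u32_le(const uint8_t *data, size_t size, size_t offset, uint32_t *out)
{
    if (data == NULL || offset > size || size - offset < 4)
        return -1;
    *out = (uint32_t)data[offset] | ((uint32_t)data[offset + 1] << 8)
         | ((uint32_t)data[offset + 2] << 16) | ((uint32_t)data[offset + 3] << 24);
    return 0;
}

/* Validate the fixed 28-byte LinkInfo header (assumed MS-SHLLINK layout: LinkInfoSize,
 * LinkInfoHeaderSize, LinkInfoFlags, then four offsets relative to the block start).
 * Returns 0 only when every field a parser would follow lies inside the bytes actually
 * present, -1 on a truncated buffer or an offset pointing outside the declared block. */
int check_link_info(const uint8_t *data, size_t size)
{
    uint32_t info_size, header_size, offset;
    size_t field;

    if (read_u32_le(data, size, 0, &info_size) != 0) return -1;
    if (info_size < 28 || info_size > size) return -1;     /* declared vs. real size */
    if (read_u32_le(data, size, 4, &header_size) != 0) return -1;
    if (header_size < 28 || header_size > info_size) return -1;
    for (field = 12; field < 28; field += 4) {               /* the four offset fields */
        if (read_u32_le(data, size, field, &offset) != 0) return -1;
        if (offset != 0 && offset >= info_size) return -1;   /* 0 means "not present" */
    }
    return 0;
}

/* Constructed samples: a well-formed 32-byte block (size 32, header 28, flags 1,
 * VolumeIDOffset 28) and a copy whose VolumeIDOffset (40) points past the block. */
const uint8_t sample_ok[32] = { 32, 0, 0, 0, 28, 0, 0, 0, 1, 0, 0, 0, 28, 0, 0, 0,
                                 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0 };
const uint8_t sample_bad_offset[32] = { 32, 0, 0, 0, 28, 0, 0, 0, 1, 0, 0, 0, 40, 0, 0, 0,
                                         0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0 };

int main(void)
{
    printf("complete block: %d\n", check_link_info(sample_ok, sizeof sample_ok)); /* 0 */
    printf("truncated to 27 bytes: %d\n", check_link_info(sample_ok, 27));        /* -1 */
    printf("offset past block: %d\n", check_link_info(sample_bad_offset, 32));    /* -1 */
    return 0;
}
```

The truncated case is the one ASAN flags without such a check: the declared size is trusted and the parser reads a few bytes past the end of what was actually loaded.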