Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
CVE-2023-40550 pe: Fix an out-of-bound read in verify_buffer_sbat()
In verify_buffer_sbat(), we have a goal-seeking loop to find the .sbat section header. Unfortunately, while the actual contents of the section are checked for being inside the binary, no such check exists for the contents of the section table entry. As a result, a carefully constructed binary will cause an out-of-bounds read checking if the section name is ".sbat\0\0\0" or not. This patch adds a check that each section table entry is within the bounds of the binary. It's not currently known if this is actually exploitable beyond creating a denial of service, and an attacker who is in a position to use it for a denial of service attack must already be able to do so. Resolves: CVE-2023-40550 Reported-by: gkirkpatrick@google.com Signed-off-by: Peter Jones <pjones@redhat.com>
- Loading branch information