New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[bug report]: out of bound read in sadf which leads to crash. #199
Comments
This issue was assigned CVE-2018-19517 |
sysstat
added a commit
that referenced
this issue
Nov 26, 2018
Check args before calling memmove() and memset() in remap_struct() function to avoid out of bound reads which would possibly lead to unknown code execution and/or sadf command crash. Signed-off-by: Sebastien GODARD <sysstat@users.noreply.github.com>
Yes I have checked all the crash POCs using the latest commit fbc691e |
TL-Yao
pushed a commit
to scantist-ossops-m2/sysstat
that referenced
this issue
Apr 18, 2024
Check args before calling memmove() and memset() in remap_struct() function to avoid out of bound reads which would possibly lead to unknown code execution and/or sadf command crash. Signed-off-by: Sebastien GODARD <sysstat@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Version
Description
The remap_struct function in sa_common.c(line 1298) has an out-of-bounds read during a memset call, as demonstrated by sadf.
Related code(sa_common.c:1298)
Additional Information
As the debug info shows, the args of memset points to an invalid address.
ASAN
poc here
The text was updated successfully, but these errors were encountered: