[CVE-2021-46142] uriNormalizeSyntax* may free stack memory in out-of-memory situation when handling URIs containing empty segments #122
Comments

@afosscontact thanks for the detailed report, I will have a closer look.

@afosscontact confirming as a bug, fixed by pull request #124 (along with issue #121). Thanks for the report again!

Thank you for the fix

@afosscontact speaking for #121 and #122, I can request a CVE (or two) once the security impact of these two bugs is clear. If you could add a security assessment to the two issues — detailed or brief — that would help. Also, giving credit to your real name both inside uriparser and/or in the mitre submission form is still an option, if you're comfortable disclosing your name to either me and mitre (by e-mail) or everyone here. Or you submit to mitre and only they get your name or no one. I'd also be curious, what the context of this work of yours was, if you'd be up for sharing that with me off-list. Thanks in advance.

PS: @afosscontact the two bugs are closed as fixed now. I'm still happy to team up with you on the CVE subject as mentioned above.
A bug was found within uriparser. Though it might not be an intended use of the relevant API, the bug can still produce critical issues within a program using uriparser. It would be best if the affected logic is checked beforehand.
The bug was found with a fuzzer based on the test code "NormalizeSyntaxExMm".
crash log
Steps to reproduce:
cmake -DCMAKE_BUILD_TYPE=Release -DURIPARSER_BUILD_DOCS:BOOL=OFF -DBUILD_SHARED_LIBS:BOOL=ON ..
make -j8
clang++ -g -fsanitize=address,fuzzer-no-link -o 2 2.cpp -I uriparser/include/ -I uriparser/ -Luriparser/build -luriparser
LD_LIBRARY_PATH=uriparser/build/ ./2
OS: Ubuntu 18.04
uriparser_poc2.tar.gz