heap-buffer-overflow in put_epel_hv_fallback when decoding file #233
Comments
According to Debian this is CVE-2020-21594
The poc is no longer triggering with the state in the master branch, as of today at The tests were committed on Debian unstable, gcc (Debian 12.2.0-14) 12.2.

Methodology: the starting point for all bisects was commit c43f2f8 (selected as this is around the time when the CVEs were reported). (FOR THIS ISSUE I THEN HAD TO GO BACKWARD, and used tags to narrow the search range.)

Bisecting is done using, so that git will report the first "good" commit. Bisecting is done using the CMake build system, using

The pocs -- taken from the upstream issues (renamed for convenience, so that the link to the CVE/issue is in the filename):

CVE-2020-21594-issue233-libde265-put_epel_hv_fallback-heap_overflow.crash
CVE-2020-21594-issue233-libde265-put_epel_hv_fallback-heap_overflow.crash2

Unfortunately the code did not compile at the final bisect step, so the candidates for the first fixed commits are:
(to help github make nice links: this is 39879b7 and 1df1dfe)

So this seems to be fixed in v1.0.3. Of course, there could be versions that have reintroduced a similar regression… FWIW, this is the asan report I get, e.g. exactly at tag v1.0.2:
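As an added example (not code from this issue or from the libde265 project), this is one way to automate the inverted bisect described in the comment above with `git bisect run`, so that git stops at the first commit on which the PoC no longer triggers the ASan report. The build directory, the path of the dec265 binary inside it and the PoC filename are assumptions, not taken from the page.

```shell
#!/bin/sh
# Added example, not from the issue or from libde265: a `git bisect run` step
# script with inverted labelling, so git names the first commit where the PoC
# stops crashing.  Assumptions (not from the page): out-of-tree CMake build in
# ./build, decoder binary at build/dec265/dec265, PoC file named in $POC.
#
# git bisect run exit codes: 0 = "good" (here: PoC still crashes),
# 1 = "bad" (here: fixed), 125 = commit cannot be tested (e.g. build failure),
# which makes git skip it instead of mislabelling it.

POC="${POC:-CVE-2020-21594-issue233-libde265-put_epel_hv_fallback-heap_overflow.crash}"
ASAN_EXIT=66   # ASAN_OPTIONS=exitcode=66 marks an ASan report unambiguously

# Map (build status, decoder status, decoder log) to a bisect exit code.
# A crash is recognised by ASan's exit code plus the report text, not by
# "any non-zero exit", which would also match an ordinary decode error.
bisect_verdict() {
    build_rc=$1; run_rc=$2; log=$3
    if [ "$build_rc" -ne 0 ]; then
        return 125          # untestable commit: skip
    fi
    if [ "$run_rc" -eq "$ASAN_EXIT" ] \
       && printf '%s\n' "$log" | grep -q 'heap-buffer-overflow'; then
        return 0            # still overflows: "good" in the inverted scheme
    fi
    return 1                # no overflow report: "bad" = fixed
}

# One bisect step: fresh ASan build, decode the PoC, translate the outcome.
bisect_step() {
    rm -rf build && mkdir build || return 125
    build_rc=0
    (cd build && cmake -DCMAKE_BUILD_TYPE=Debug \
        -DCMAKE_C_FLAGS=-fsanitize=address -DCMAKE_CXX_FLAGS=-fsanitize=address \
        -DCMAKE_EXE_LINKER_FLAGS=-fsanitize=address .. \
        && make -j"$(nproc)") >/dev/null 2>&1 || build_rc=$?
    run_rc=0; log=""
    if [ "$build_rc" -eq 0 ]; then
        log=$(ASAN_OPTIONS="exitcode=$ASAN_EXIT" timeout 60 \
              build/dec265/dec265 "$POC" 2>&1) || run_rc=$?
    fi
    bisect_verdict "$build_rc" "$run_rc" "$log"
}

# Usage from the libde265 checkout (old crashing commit = "good", fixed = "bad"):
#   git bisect start; git bisect good v1.0.2; git bisect bad v1.0.3
#   git bisect run sh bisect-step.sh step
case "${1:-}" in step) bisect_step; exit $? ;; esac
```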
@coldtobi Thank you for that analysis, very helpful!

Thank you @leonzhao7 and @coldtobi
heap-buffer-overflow in put_epel_hv_fallback when decoding file
I found some problems during fuzzing
Test Version
dev version, git clone https://github.com/strukturag/libde265
Test Environment
root@ubuntu:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.6 LTS
Release: 16.04
Codename: xenial
Test Configure
./configure
configure: ---------------------------------------
configure: Building dec265 example: yes
configure: Building sherlock265 example: no
configure: Building encoder: yes
configure: ---------------------------------------
Test Program
dec265 [infile]
Asan Output
POC file
libde265-put_epel_hv_fallback-heap_overflow.zip
libde265-put_epel_hv_fallback-heap_overflow2.zip
password: leon.zhao.7
CREDIT
Zhao Liang, Huawei Weiran Labs