Message-ID: <20160617145146.710ad5de@pc1>
Date: Fri, 17 Jun 2016 14:51:46 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Many invalid memory access issues in libarchive
https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html
libarchive version 3.2.0 (released on April 30th) fixed a large number
of memory access bugs that I reported to them a while ago.
https://github.com/libarchive/libarchive/issues/503
Unclear invalid memory read in CPIO parser
Sample file: http://libarchive.github.io/google-code/issue-395/comment-0/crash.cpio

https://github.com/libarchive/libarchive/issues/504
Null pointer access in RAR parser
Sample file: http://libarchive.github.io/google-code/issue-396/comment-0/crash.rar

https://github.com/libarchive/libarchive/issues/505
Null pointer access in CAB parser
Sample file: http://libarchive.github.io/google-code/issue-397/comment-0/segf.cab

https://github.com/libarchive/libarchive/issues/506
Overlapping memcpy in CAB parser
Sample file: http://libarchive.github.io/google-code/issue-398/comment-0/memcpy.cab

https://github.com/libarchive/libarchive/issues/510
Heap out of bounds read in LHA/LZH parser
Sample file: http://libarchive.github.io/google-code/issue-402/comment-0/bsdtar-invalid-read.lzh

https://github.com/libarchive/libarchive/issues/511
Stack out of bounds read in ar parser
Sample file: http://libarchive.github.io/google-code/issue-403/comment-0/bsdtar-invalid-read-stack.a

https://github.com/libarchive/libarchive/issues/512
Global out of bounds read in mtree parser
Sample file: http://libarchive.github.io/google-code/issue-404/comment-0/invalid-read-overflow.mtree

https://github.com/libarchive/libarchive/issues/513
Null pointer access in 7z parser
Sample file: http://libarchive.github.io/google-code/issue-405/comment-0/bsdtar-null-ptr.7z

https://github.com/libarchive/libarchive/issues/514
Unclear crashes in ZIP parser
Sample file: http://libarchive.github.io/google-code/issue-406/comment-0/bsdtar-zip-crash-variant1.zip

https://github.com/libarchive/libarchive/issues/515
Heap out of bounds read in TAR parser
Sample file: http://libarchive.github.io/google-code/issue-407/comment-0/tar-heap-overflow.tar

https://github.com/libarchive/libarchive/issues/516
Unclear invalid memory read in mtree parser
Sample file: http://libarchive.github.io/google-code/issue-408/comment-0/read_mtree.mtree

https://github.com/libarchive/libarchive/issues/518
Null pointer access in RAR parser
Sample file: http://libarchive.github.io/google-code/issue-410/comment-0/segfault.rar

https://github.com/libarchive/libarchive/issues/523
Heap out of bounds read when reading password for malformed ZIP
Sample file: http://libarchive.github.io/google-code/issue-415/comment-0/pwcrash.zip

https://github.com/libarchive/libarchive/issues/550
Heap out of bounds read in mtree parser
Sample file: https://crashes.fuzzing-project.org/libarchive-oob-process_add_entry.mtree
I also reported a couple of lower severity issues (leaks, hangs,
undefined behavior issues):

https://github.com/libarchive/libarchive/issues/517
Memory leak in TAR parser

https://github.com/libarchive/libarchive/issues/522
Endless loop in ISO parser
Sample file: http://libarchive.github.io/google-code/issue-414/comment-0/hang.iso

https://github.com/libarchive/libarchive/issues/539
Undefined behavior / signed integer overflow in mtree parser

https://github.com/libarchive/libarchive/issues/540
Use after free in test suite

https://github.com/libarchive/libarchive/issues/547
Undefined behavior / invalid shiftleft in TAR parser
Sample file: https://crashes.fuzzing-project.org/libarchive-undefined-shiftleft

https://github.com/libarchive/libarchive/issues/548
Undefined behavior / signed integer overflow in TAR parser
Sample file: https://crashes.fuzzing-project.org/libarchive-undefined-signed-overflow.tar
Unfortunately one out of bounds heap read bug in the RAR parser (sample
file) remained unfixed. I hope a fix will find its way into the next
version. I was interested in making libarchive more robust because once
all issues are fixed it can serve as a safer alternative to many low
quality command line tools for various archiving formats.

https://github.com/libarchive/libarchive/issues/521
Sample file: http://libarchive.github.io/google-code/issue-413/comment-0/bsdtar-invalid-read.rar
--
Hanno Böck
https://hboeck.de/
mail/jabber: hanno@...eck.de
GPG: BBB51E42