Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170622125636.GC3350@intrepid>
Date: Thu, 22 Jun 2017 14:56:38 +0200
From: Alexander Bergmann <abergmann@...e.com>
To: oss-security@...ts.openwall.com
Cc: thomasdullien@...gle.com
Subject: Re: CVE Request: unrar: VMSF_DELTA filter allows
 arbitrary memory write

On Wed, Jun 21, 2017 at 02:20:01PM +0200, Alexander Bergmann wrote:
> Hi,
> 
> It was reported that unrar fixed a VMSF_DELTA memory corruption issue in
> there latest version unrarsrc-5.5.5.tar.gz. This problem was reported to
> Sophos AV in 2012 but never reach upstream rar.
> 
> https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&desc=6#maincol
> 
> Reproducer:
> 
> Base64-encoded RAR file to trigger the VMSF_DELTA issue:
> 
> UmFyIRoHAPlOcwAADgAAAAAAAAAAMAh0AAAmAI4AAAAAAAAAAhBBUiEAAAAAHQAGAAAAACBzdGRv
> dXQgIVUMzRDNmBGByDAda+AXaSv4KvQr1K/oejL05mXmXmww5tEk8gA9k8nmieyeyeswuOR6cx69
> a2Hd6zQwu3aoMDDwMEswADAAMD4P938w+dydoRFwAmwAAAAAvv////+/////+9W3QFgAAQAGAAAA
> Ooimhd12AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> 
> As far as I can tell no CVE was assigned to this issue so far.

Mitre.org assigned CVE-2012-6706 to this issue.


Regards,
Alex~


-- 
Alexander Bergmann <abergmann@...e.com>, Security Engineer, GPG:9FFA4886
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nürnberg)

Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.