
Bug#994405: libgmp10:i386: buffer overflow due to integer overflow in mpz/inp_raw.c on 32-bit machines


Anton Gladky
Sep 16, 2021, 3:30:03 PM
Control: severity -1 important
Control: notfound -1 2:6.2.1+dfsg-2
Control: found -1 2:6.2.1+dfsg-1

Thanks for the bug report. We will fix it when CVE (if any) will be
assigned and upstream patch will be available.

Though, the integer overflows are not making the package unusable in most cases.
Thus the severity is reduced.

Regards

Anton

Vincent Lefevre
Sep 16, 2021, 7:30:03 PM
On 2021-09-16 21:23:34 +0200, Anton Gladky wrote:
> Thanks for the bug report. We will fix it when CVE (if any) will be
> assigned and upstream patch will be available.

FYI, an upstream patch is now available here:

https://gmplib.org/list-archives/gmp-bugs/2021-September/005087.html

> Though, the integer overflows are not making the package unusable in
> most cases.

Yes, but they may introduce security issues, in particular here
because the behavior depends on data from a file, which may be
untrusted. That said, here it is probably wise to check that the
size is not too large in order to prevent the address space from
being exhausted.

--
Vincent Lefèvre <vin...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Anton Gladky
Sep 17, 2021, 1:10:02 AM
Thanks, Vincent, for the information. I would still wait for CVE,
so we can apply a patch and track vulnerability for other
Debian versions (stable/oldstable/o-o-stable etc.).

Regards

Anton

Adrian Bunk
Nov 13, 2021, 3:30:04 PM
On Fri, Sep 17, 2021 at 07:02:48AM +0200, Anton Gladky wrote:
> Thanks, Vincent, for the information. I would still wait for CVE,
> so we can apply a patch and track vulnerability for other
> Debian versions (stable/oldstable/o-o-stable etc.).

Hi Anton,

did you manage to get a CVE assigned for this issue, or has there been
any problem with that?

> Regards
>
> Anton

Thanks
Adrian

Anton Gladky
Nov 14, 2021, 8:20:03 AM
Hi Adrian,

well, I was thinking that upstream should request a CVE. Nevertheless
I could not reproduce the issue with the modern GCC versions.
Even on 32-bit systems.

Regards

Anton

Vincent Lefevre
Nov 14, 2021, 9:50:03 AM
On 2021-11-14 14:15:25 +0100, Anton Gladky wrote:
> well, I was thinking that upstream should request a CVE. Nevertheless
> I could not reproduce the issue with the modern GCC versions.
> Even on 32-bit systems.

I can still reproduce the segmentation fault under Debian/unstable.
Simplified testcase:

#include <stdio.h>
#include <gmp.h>

int main (void)
{
  mpz_t s;

  mpz_init (s);
  /* Reads the 4-byte big-endian size header and then the body from stdin;
     the size is untrusted input, which is where the overflow is triggered. */
  mpz_inp_raw (s, stdin);
  mpz_clear (s);
  return 0;
}

Compile with gcc -m32 and execute:

printf 12345 | ./testcase

Note that even if you don't get a segmentation fault, there may be
other erratic behaviors, such as silent memory corruption (which may
be even worse).
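The two points in Vincent's messages, that the size read from an untrusted file drives the allocation and that the size should be bounded before the address space is exhausted, as an added example in C. This is not GMP's code and not the upstream patch: it models the mpz_inp_raw header format (a 4-byte big-endian signed byte count, then the magnitude bytes most significant first) against an in-memory buffer instead of a FILE, assumes 32-bit limbs as on the i386 build in the report, and models the defect as the byte count times 8 wrapping in a 32-bit size_t, which is my reading of the upstream code rather than something quoted from this thread. The function names, the status enum and the max_bytes policy cap are assumptions of the example.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example, not GMP's code. Header format: 4-byte big-endian signed
   byte count (negative count = negative value), then that many magnitude
   bytes, most significant first. Limb width assumed to be 32 bits. */
#define LIMB_BYTES 4u

enum raw_status {
    RAW_OK = 0,
    RAW_SHORT_HEADER,    /* fewer than 4 bytes available */
    RAW_SIZE_OVERFLOW,   /* abs_csize * 8 would not fit in size_t */
    RAW_SIZE_TOO_LARGE,  /* exceeds the caller's policy cap */
    RAW_SHORT_BODY,      /* body shorter than the header promised */
    RAW_ALLOC_FAILED
};

/* The unchecked arithmetic as a 32-bit size_t evaluates it: abs_csize * 8
   wraps modulo 2^32, so the limb count comes out far smaller than the
   number of body bytes that will then be written behind it. */
uint32_t unchecked_limbs_32bit(uint32_t abs_csize)
{
    uint32_t bits = abs_csize * 8u;     /* wraps for abs_csize >= 2^29 */
    return (bits + 31u) / 32u;          /* BITS_TO_LIMBS with 32-bit limbs */
}

/* 1 if abs_csize * 8 does not fit in an unsigned integer of size_t_bits bits. */
int would_overflow_bits(uint32_t abs_csize, unsigned size_t_bits)
{
    uint64_t size_max = size_t_bits >= 64 ? UINT64_MAX
                                          : (((uint64_t)1 << size_t_bits) - 1);
    return (uint64_t)abs_csize > size_max / 8;
}

/* Decode the header and apply two guards: the arithmetic guard (bit count
   must fit in size_t) and a policy cap chosen by the caller, since a 4-byte
   header can otherwise legitimately demand up to 2 GiB. */
enum raw_status check_raw_header(const unsigned char hdr[4], size_t max_bytes,
                                 uint32_t *abs_size, int *negative)
{
    uint32_t raw = ((uint32_t)hdr[0] << 24) | ((uint32_t)hdr[1] << 16) |
                   ((uint32_t)hdr[2] << 8)  |  (uint32_t)hdr[3];
    *negative = (raw >> 31) != 0;
    *abs_size = *negative ? (0u - raw) : raw;   /* two's complement magnitude */
    if (would_overflow_bits(*abs_size, (unsigned)(sizeof(size_t) * CHAR_BIT)))
        return RAW_SIZE_OVERFLOW;
    if (*abs_size > max_bytes)
        return RAW_SIZE_TOO_LARGE;
    return RAW_OK;
}

/* Read one raw integer from an in-memory image of the file. On RAW_OK the
   magnitude is returned as little-endian 32-bit limbs in a malloc'd array. */
enum raw_status read_raw_checked(const unsigned char *img, size_t img_len,
                                 size_t max_bytes, uint32_t **limbs_out,
                                 size_t *nlimbs_out, int *negative_out)
{
    uint32_t abs_size;
    int negative;
    if (img_len < 4)
        return RAW_SHORT_HEADER;
    enum raw_status st = check_raw_header(img, max_bytes, &abs_size, &negative);
    if (st != RAW_OK)
        return st;
    if (img_len - 4 < abs_size)
        return RAW_SHORT_BODY;
    /* Cannot wrap: check_raw_header guaranteed abs_size <= SIZE_MAX / 8. */
    size_t nlimbs = ((size_t)abs_size + LIMB_BYTES - 1) / LIMB_BYTES;
    uint32_t *limbs = calloc(nlimbs ? nlimbs : 1, sizeof *limbs);
    if (limbs == NULL)
        return RAW_ALLOC_FAILED;
    /* Byte i counted from the end of the body lands in limb i/4; the index
       is bounded by nlimbs by construction, so no write lands outside. */
    for (uint32_t i = 0; i < abs_size; i++) {
        unsigned char b = img[4 + (abs_size - 1 - i)];
        limbs[i / LIMB_BYTES] |= (uint32_t)b << (8 * (i % LIMB_BYTES));
    }
    *limbs_out = limbs;
    *nlimbs_out = nlimbs;
    *negative_out = negative;
    return RAW_OK;
}

int main(void)
{
    /* Constructed input: the bytes "12345" from the testcase above. */
    const unsigned char crafted[] = { '1', '2', '3', '4', '5' };
    uint32_t claimed = 0x31323334u;   /* "1234" read as a big-endian count */
    uint32_t *limbs = NULL;
    size_t nlimbs = 0;
    int negative = 0;

    printf("claimed body: %u bytes; 32-bit unchecked allocation: %u limbs (%u bytes)\n",
           claimed, unchecked_limbs_32bit(claimed),
           unchecked_limbs_32bit(claimed) * LIMB_BYTES);
    printf("checked read: status %d (0 means OK)\n",
           (int)read_raw_checked(crafted, sizeof crafted, 1u << 20,
                                 &limbs, &nlimbs, &negative));
    free(limbs);
    return 0;
}
```

With the five-byte input, the header claims 825,373,492 body bytes, while the wrapped 32-bit arithmetic allocates only 72,125,645 limbs (about 288 MB), so a destination computed as "end of buffer minus body size" lies hundreds of megabytes before the allocation. The checked reader rejects the same input on a 64-bit host through the policy cap and on a 32-bit host through the arithmetic guard; both are needed, because the cap is a deployment choice while the overflow guard is what actually closes the wrap.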

Anton Gladky
Nov 14, 2021, 12:50:03 PM
Thanks, Vincent,

now I am able to reproduce the issue!

I will request CVE.

Regards

Anton

Anton Gladky
Nov 15, 2021, 12:40:04 AM
CVE-2021-43618 is assigned to this issue.