[BUG] Out of bound read in Strnew_size, Str.c:61 #270
Comments
Affected version:
Not affected version: < 0.5.3+git20220429-1
On Thu, Jun 29, 2023 at 04:40:34AM -0700, Zhijie Zhang wrote:
> Hello, I found an out-of-bound write in w3m,
> [Snip]
> ==85==The signal is caused by a READ memory access.

Is it read or write?
Cannot reproduce.
It is read. My fault.
Have you tried the dockerized reproduction steps? I tried it just now, and it worked. I reduced the input file, which is poc1_trim.zip. Please tell me if it's still not available.
I tried to reproduce it on Debian stable but also failed. It seems this bug only occurs on some specific OS systems with this PoC.
On Mon, Jul 10, 2023 at 05:16:28AM -0700, Zhijie Zhang wrote:
> I tried to reproduce it on Debian stable but failed. It seems this bug
> only occurs on some specific OS systems.

Then why does your initial report say that the OS is Debian 11? Please provide correct info about the test environment.
Sorry for not making it clear before. I can reproduce it on Debian 11 with the following command.
Since you said that your Debian version is Debian stable in other issues, I tried to reproduce it on Debian stable with the following command just now but failed.
Actually, the Debian stable in docker images is Debian 12.
So the bug is reproducible on Debian 11 but not reproducible on Debian stable (12).
JFTR, I can reproduce it using docker with images debian:11 and debian:12.
I can not reproduce it on my VPS with Debian 11 nor with Debian 12 and also not on a laptop running Devuan GNU/Linux 4, which is a Debian 11 without systemd.
Assigned CVE-2023-38252 for this issue. If you wish to dispute please open a ticket here: https://access.redhat.com/security/team/contact
On Thu, Jul 13, 2023 at 09:31:40AM -0700, Pedro Sampaio wrote:
> Assigned CVE-2023-38252 for this issue. If you wish to dispute please open a ticket here:
> https://access.redhat.com/security/team/contact

This is a READ violation, not write as the CVE states.
Fixed, thanks.
Prevented with #273
Hello, I found an out-of-bound read in w3m, function Strnew_size, Str.c:61 while testing my new fuzzer.
Steps to reproduce
Dockerized reproduction steps (recommended)
Platform
ASAN
POC
poc1.zip