Bug 1610609 (CVE-2018-14523)
Summary: | CVE-2018-14523 aubio: buffer over-read in pitch/pitchyinfft.c:new_aubio_pitchyinfft() | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Sam Fowler <sfowler> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED UPSTREAM | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | brendan.jones.it, green, nphilipp |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-06-10 10:34:38 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1610611 | ||
Bug Blocks: |
Description
Sam Fowler
2018-08-01 03:51:25 UTC
Reproduced with aubio-0.4.2-8.fc28.x86_64: # aubionotes testcase2 2>&1 | ./asan_symbolizer.py -d ================================================================= ==70==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000436f08 at pc 0x000000421379 bp 0x7ffff1b85950 sp 0x7ffff1b85940 READ of size 4 at 0x000000436f08 thread T0 #0 0x421378 in new_aubio_pitchyinfft /usr/src/debug/aubio-0.4.2-8.fc28.x86_64/build/../src/pitch/pitchyinfft.c:73 #1 0x418397 in new_aubio_pitch /usr/src/debug/aubio-0.4.2-8.fc28.x86_64/build/../src/pitch/pitch.c:181 #2 0x404598 in main /usr/src/debug/aubio-0.4.2-8.fc28.x86_64/build/../examples/aubionotes.c:143 #3 0x7f28b733524a in __libc_start_main (/lib64/libc.so.6+0x2324a) #3 0x4022f9 in ?? ??:0 0x000000436f08 is located 0 bytes to the right of global variable 'freqs' defined in '../src/pitch/pitchyinfft.c:43:21' (0x436e80) of size 136 0x000000436f08 is located 56 bytes to the left of global variable 'weight' defined in '../src/pitch/pitchyinfft.c:50:21' (0x436f40) of size 136 SUMMARY: AddressSanitizer: global-buffer-overflow (/usr/bin/aubionotes+0x421378) Shadow bytes around the buggy address: 0x00008007ed90: 00 00 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 0x00008007eda0: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00 0x00008007edb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x00008007edc0: 00 01 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 0x00008007edd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x00008007ede0: 00[f9]f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 0x00008007edf0: 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 0x00008007ee00: 00 01 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 0x00008007ee10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x00008007ee20: 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 00 00 00 00 0x00008007ee30: 00 00 00 03 f9 f9 f9 f9 00 00 00 00 00 00 00 07 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==70==ABORTING Created aubio tracking bugs for this issue: Affects: fedora-all [bug 1610611] This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products. |