Bug 1644196

Summary:

There is abort in libwebm caused by libwebm::Webm2Pes::InitWebmParser() which will lead to dos attack.

Product:

[Other] Security Response

Reporter:

shuitao gan <ganshuitao>

Component:

vulnerability

Assignee:

Red Hat Product Security <security-response-team>

Status:

CLOSED NOTABUG

QA Contact:

Severity:

high

Docs Contact:

Priority:

unspecified

Version:

unspecified

CC:

psampaio

Target Milestone:

---

Keywords:

Security

Target Release:

---

Hardware:

All

OS:

Linux

Whiteboard:

Fixed In Version:

Doc Type:

If docs needed, set a value

Doc Text:

Story Points:

---

Clone Of:

Environment:

Last Closed:

2018-11-13 20:26:41 UTC

Type:

Bug

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

Embargoed:

Attachments:

Description	Flags
./webm2pes POC0 /dev/null	none

Description shuitao gan 2018-10-30 08:07:49 UTC

Created attachment 1498865 [details]
./webm2pes POC0 /dev/null

version: latest version
Summary: 

There is abort in libwebm caused by libwebm::Webm2Pes::InitWebmParser() which will lead to dos attack. 

Description:

$./webm2pes POC0 /dev/null

terminate called after throwing an instance of 'std::logic_error'
  what():  basic_string::_M_construct null not valid
Aborted (core dumped)

Program received signal SIGABRT, Aborted.
0x00007ffff6b79267 in __GI_raise (sig=sig@entry=6)
    at ../sysdeps/unix/sysv/linux/raise.c:55
55	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  0x00007ffff6b79267 in __GI_raise (sig=sig@entry=6)
    at ../sysdeps/unix/sysv/linux/raise.c:55
#1  0x00007ffff6b7aeca in __GI_abort () at abort.c:89
#2  0x00007ffff7ae6b7d in __gnu_cxx::__verbose_terminate_handler() ()
   from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#3  0x00007ffff7ae49c6 in ?? () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#4  0x00007ffff7ae4a11 in std::terminate() ()
   from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#5  0x00007ffff7ae4c29 in __cxa_throw ()
   from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#6  0x00007ffff7b0d50f in std::__throw_logic_error(char const*) ()
   from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#7  0x00007ffff7b78f94 in void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> 
>::_M_construct<char const*>(char const*, char const*, std::forward_iterator_tag) () from /usr/lib/x86_64-linux-gnu/libstdc+
+.so.6
#8  0x00007ffff7b7914c in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(char 
const*, std::allocator<char> const&) () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#9  0x00000000004a3964 in libwebm::Webm2Pes::InitWebmParser() ()
#10 0x00000000004a198f in libwebm::Webm2Pes::ConvertToFile() ()
#11 0x000000000048a701 in main ()

Comment 1 Pedro Sampaio 2018-11-13 20:26:41 UTC

This is not shipped in any Red Hat products. Closing.