Bug 1680669 (CVE-2019-9075)
Summary: | CVE-2019-9075 binutils: heap-based buffer overflow in function _bfd_archive_64_bit_slurp_armap in archive64.c |
---|---|
Product: | [Other] Security Response |
Component: | vulnerability |
Status: | CLOSED NOTABUG |
Severity: | medium |
Priority: | medium |
Version: | unspecified |
Hardware: | All |
OS: | Linux |
Keywords: | Security |
Reporter: | Dhananjay Arunesh <darunesh> |
Assignee: | Red Hat Product Security <security-response-team> |
CC: | abhgupta, dbaker, dvlasenk, fweimer, jakub, jokerman, law, mprchlik, nickc, ohudlick, sipoyare, sthangav, trankin |
Last Closed: | 2020-05-20 21:19:05 UTC |
Bug Depends On: | 1680670, 1691070, 1691071 |
Bug Blocks: | 1680680 |

Description
Dhananjay Arunesh
2019-02-25 13:47:22 UTC
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 1680670]

```
==6814== Memcheck, a memory error detector
==6814== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==6814== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==6814== Command: size poc
==6814==
==6814== Invalid write of size 1
==6814==    at 0x4F27D5C: _bfd_archive_64_bit_slurp_armap (archive64.c:126)
==6814==    by 0x4E884A7: bfd_slurp_armap (archive.c:1156)
==6814==    by 0x4E88174: bfd_generic_archive_p (archive.c:864)
==6814==    by 0x4E8F924: bfd_check_format_matches (format.c:352)
==6814==    by 0x10AFA2: display_file (size.c:403)
==6814==    by 0x10A3F5: main (size.c:240)
==6814==  Address 0x5773328 is 0 bytes after a block of size 4,472 alloc'd
==6814==    at 0x4C30E8B: malloc (vg_replace_malloc.c:309)
==6814==    by 0x4F3DD21: _objalloc_alloc (objalloc.c:143)
==6814==    by 0x4E970DD: bfd_alloc (opncls.c:949)
==6814==    by 0x4E975CC: bfd_zalloc (opncls.c:998)
==6814==    by 0x4F27C9F: _bfd_archive_64_bit_slurp_armap (archive64.c:98)
==6814==    by 0x4E884A7: bfd_slurp_armap (archive.c:1156)
==6814==    by 0x4E88174: bfd_generic_archive_p (archive.c:864)
==6814==    by 0x4E8F924: bfd_check_format_matches (format.c:352)
==6814==    by 0x10AFA2: display_file (size.c:403)
==6814==    by 0x10A3F5: main (size.c:240)
==6814==
==6814==
==6814== HEAP SUMMARY:
==6814==     in use at exit: 0 bytes in 0 blocks
==6814==   total heap usage: 90 allocs, 90 frees, 31,320 bytes allocated
==6814==
==6814== All heap blocks were freed -- no leaks are possible
==6814==
==6814== For counts of detected and suppressed errors, rerun with: -v
==6814== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
```

and

```
size poc
double free or corruption (!prev)
Aborted (core dumped)
```

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-9075