1545824 – iniparser: stack-buffer-underflow in iniparser_load in iniparser.c

Bug 1545824 - iniparser: stack-buffer-underflow in iniparser_load in iniparser.c

Summary: iniparser: stack-buffer-underflow in iniparser_load in iniparser.c

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1545825 1553577
Blocks:	1545833
TreeView+	depends on / blocked

Reported:	2018-02-15 15:54 UTC by Laura Pardo
Modified:	2019-09-29 14:32 UTC (History)
CC List:	3 users (show)
Fixed In Version:	iniparser 4.1
Clone Of:
Environment:
Last Closed:	2019-06-08 03:40:06 UTC
Embargoed:

Attachments	(Terms of Use)

Description Laura Pardo 2018-02-15 15:54:18 UTC

A flaw was found in iniparser version prior to 4.1. A stack buffer underflow in the function iniparser_load() in iniparser.c file which can be triggered by parsing a file that containing a zero-byte. This vulnerability may allow an attacker to cause a Denial of Service (DoS).

References:

https://github.com/ndevilla/iniparser/issues/68

Patch:

https://github.com/ndevilla/iniparser/commit/4f870752abbb756911d7b11405d49e9769d082bd

Comment 1 Laura Pardo 2018-02-15 15:54:55 UTC

Created iniparser tracking bugs for this issue:

Affects: fedora-all [bug 1545825]

Note You need to log in before you can comment on or make changes to this bug.