Bug 1554423 (CVE-2018-8050) - CVE-2018-8050 afflib: denial of service (DoS) in af_get_page() function in lib/afflib_pages.cpp
Summary: CVE-2018-8050 afflib: denial of service (DoS) in af_get_page() function in li...
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2018-8050
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1554425 1554426 1554427
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-03-12 16:14 UTC by Laura Pardo
Modified: 2019-09-29 14:35 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-10 10:17:32 UTC


Attachments (Terms of Use)

Description Laura Pardo 2018-03-12 16:14:56 UTC
A flaw was found in AFFLIB (aka AFFLIBv3) through 3.7.16. The af_get_page() function in lib/afflib_pages.cpp allows remote attackers to cause a denial of service (segmentation fault) via a corrupt AFF image that triggers an unexpected pagesize value.


References:
https://github.com/sshock/AFFLIBv3/pull/31

Upstream Patch:
https://github.com/sshock/AFFLIBv3/commit/435a2ca802358a3debb6d164d2c33049131df81c

Comment 1 Laura Pardo 2018-03-12 16:15:56 UTC
Created afflib tracking bugs for this issue:

Affects: fedora-all [bug 1554426]
Affects: epel-7 [bug 1554427]

Comment 3 Nicolas Chauvet (kwizart) 2018-03-12 17:07:41 UTC
The fedora security fixes are on their way. But on epel-7, I think the previous afflib package wasn't built by the previous maintainer there (as the build failed). So there is a diff between what's in git and what's in repos.

If you have more info about which version is affected here I will try to work on this as possible.

Comment 4 Andrej Nemec 2018-03-13 08:23:25 UTC
(In reply to Nicolas Chauvet (kwizart) from comment #3)
> The fedora security fixes are on their way. But on epel-7, I think the
> previous afflib package wasn't built by the previous maintainer there (as
> the build failed). So there is a diff between what's in git and what's in
> repos.
> 
> If you have more info about which version is affected here I will try to
> work on this as possible.

Hello Nicolas :) 

Thank you for working on this! I'm completely fine with either rebasing epel-7 to fedora version, or waiting on the upstream version. This security issue does not seem to be very impactful. 

As a side note, please, don't modify this bug in any way as it's used as a placeholder to store all flaw neutral information from the Product Security Team perspective. Thanks!


Note You need to log in before you can comment on or make changes to this bug.