Bug 1629955 (CVE-2018-16982) - CVE-2018-16982 opencc: out-of-bounds keyOffset and valueOffset values in BinaryDict::NewFromFile in BinaryDict.cpp
Status: CLOSED NOTABUG
Alias: CVE-2018-16982
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 1629957
Blocks: 1629958
Reported: 2018-09-17 17:10 UTC by Pedro Sampaio
Modified: 2021-02-16 23:02 UTC

Last Closed: 2019-06-10 10:38:04 UTC

Description Pedro Sampaio 2018-09-17 17:10:04 UTC
Open Chinese Convert (OpenCC) 1.0.5 allows attackers to cause a denial of service (segmentation fault) because BinaryDict::NewFromFile in BinaryDict.cpp may have out-of-bounds keyOffset and valueOffset values via a crafted .ocd file.

Upstream issue:

https://github.com/BYVoid/OpenCC/issues/303

Comment 2 Stefan Cornelius 2018-11-12 12:38:07 UTC
In version 0.4.3, the code is quite different. The PoCs can still crash the opencc_dict binary, but it's at a different location and does not seem to pose a security risk.

Comment 3 Stefan Cornelius 2018-11-12 12:38:15 UTC
Statement:

This issue did not affect the versions of opencc as shipped with Red Hat Enterprise Linux 7.

