Bug 1700114 - free(): double free detected in tcache 2
Summary: free(): double free detected in tcache 2
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: nmap
Version: 29
Hardware: Unspecified
OS: Linux
high
unspecified
Target Milestone: ---
Assignee: Pavel Zhukov
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Duplicates: 1749182 (view as bug list)
Depends On:
Blocks: CVE-2017-18594
Reported: 2019-04-15 21:45 UTC by Xinya Zhang
Modified: 2019-09-05 07:31 UTC
CC: 3 users

Fixed In Version: nmap-7.70-7.fc30 nmap-7.70-5.fc29
Clone Of:
Environment:
Last Closed: 2019-05-07 05:41:37 UTC
Type: Bug
Embargoed:



Description Xinya Zhang 2019-04-15 21:45:23 UTC
Description of problem:
nmap reports 'free(): double free detected in tcache 2' and aborts after running
'nmap --script ssh-auth-methods localhost'

Version-Release number of selected component (if applicable):
nmap-7.70-4.fc29.src.rpm

How reproducible:
Run 'nmap --script ssh-auth-methods localhost'

Steps to Reproduce:
1. nmap --script ssh-auth-methods localhost

Actual results:
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-15 16:37 CDT
free(): double free detected in tcache 2
Aborted (core dumped)

Expected results:
Shows the current authentication methods allowed by localhost sshd

Additional info:
This bug report and the corresponding solution have been submitted upstream at https://github.com/nmap/nmap/issues/1077 TWO years ago, but apparently the upstream is working on it.

The backtrace has been submitted as FAF #2529606, full URL: https://retrace.fedoraproject.org/faf/reports/2529606/

Comment 1 Xinya Zhang 2019-04-15 23:06:05 UTC
Update: it seems this has been fixed by commit 350bbe0597d37ad67abe5fef8fba984707b4e9ad upstream. However, this version has not been released yet.

Comment 2 Xinya Zhang 2019-04-16 01:54:23 UTC
Update2: To reproduce this bug, the target ssh server must be configured with neither ssh-rsa nor ssh-dss public key support (in my case only ssh-ed25519 is enabled).
This can be done by simply commenting out the HostKey lines in sshd_config instead of hacking the crypto-policies.

Comment 3 Fedora Update System 2019-05-02 13:16:04 UTC
nmap-7.70-7.fc30 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-be0ee2bc61

Comment 4 Fedora Update System 2019-05-02 13:36:44 UTC
nmap-7.70-5.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-b387905e49

Comment 5 Fedora Update System 2019-05-03 04:12:24 UTC
nmap-7.70-7.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-be0ee2bc61

Comment 6 Fedora Update System 2019-05-03 05:41:48 UTC
nmap-7.70-5.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-b387905e49

Comment 7 Fedora Update System 2019-05-07 05:41:37 UTC
nmap-7.70-7.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2019-05-18 03:20:54 UTC
nmap-7.70-5.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

Comment 9 Pavel Zhukov 2019-09-05 07:31:36 UTC
*** Bug 1749182 has been marked as a duplicate of this bug. ***