Bug 1472776 (CVE-2017-11423) - CVE-2017-11423 libmspack, clamav: Stack-based buffer over-read in cabd_read_string function
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2017-11423
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1472777 1472778 1483999 1484000
Blocks:
Reported: 2017-07-19 11:45 UTC by Adam Mariš
Modified: 2019-09-29 14:16 UTC (History)

Fixed In Version:
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-09-26 05:45:22 UTC



Description Adam Mariš 2017-07-19 11:45:58 UTC
The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha,
as used in ClamAV 0.99.2 and other products, allows remote attackers to
cause a denial of service (stack-based buffer over-read and application
crash) via a crafted CAB file.

Reference:

https://github.com/hackerlib/hackerlib-vul/tree/master/clamav-vul

Upstream bug:

https://bugzilla.clamav.net/show_bug.cgi?id=11873

Comment 1 Adam Mariš 2017-07-19 11:46:28 UTC
Created clamav tracking bugs for this issue:

Affects: epel-all [bug 1472777]
Affects: fedora-all [bug 1472778]

Comment 2 Sergio Monteiro Basto 2017-07-19 11:50:12 UTC
Adam Mariš, can I sergio@serjux.com have permission to look at
https://bugzilla.clamav.net/show_bug.cgi?id=11873 ?

Thanks

Comment 3 Adam Mariš 2017-08-22 11:18:05 UTC
(In reply to Sergio Monteiro Basto from comment #2)
> Adam Mariš, can I sergio@serjux.com have permission to look at
> https://bugzilla.clamav.net/show_bug.cgi?id=11873 ?
> 
> Thanks

Sorry, I can't help you with that. Neither do I have access there.

Comment 4 Adam Mariš 2017-08-22 12:46:01 UTC
Created libmspack tracking bugs for this issue:

Affects: fedora-all [bug 1483999]

Comment 5 Adam Mariš 2017-08-22 12:48:03 UTC
Created libmspack tracking bugs for this issue:

Affects: epel-all [bug 1484000]

Comment 6 Tuomo Soini 2017-09-20 17:21:25 UTC
Adam, rhel7 tracking bug is still missing?

Comment 7 Sergio Monteiro Basto 2018-01-11 04:03:23 UTC
The clamav source, clean and not clean, does not contain any cabd_read_string function, nor libclamav/libmspack.c, only libclamav/mspack.c [2]; i.e. those functions are only available in version 0.99.3 [3].
Anyway, maybe this is also applicable to libmspack itself [1].


[1]
https://apps.fedoraproject.org/packages/libmspack

[2]
https://github.com/vrtadmin/clamav-devel/blob/0.99.2/libclamav/mspack.c

[3]
https://github.com/vrtadmin/clamav-devel/tree/0.99.3/libclamav

