[Bug 1038837] New: VUL-0: CVE-2017-8911: tnef: integer underflow has been identified in the unicode_to_utf8() function
http://bugzilla.opensuse.org/show_bug.cgi?id=1038837

Bug ID: 1038837
Summary: VUL-0: CVE-2017-8911: tnef: integer underflow has been identified in the unicode_to_utf8() function
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: mikhail.kasimov@gmail.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

Created attachment 724861
  --> http://bugzilla.opensuse.org/attachment.cgi?id=724861&action=edit
poc_CVE-2017-8911

Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-8911
====================================================
Description

An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker.
====================================================

Hyperlink

[1] https://github.com/verdammelt/tnef/issues/23
[2] https://security-tracker.debian.org/tracker/CVE-2017-8911

(open-)SUSE: https://software.opensuse.org/package/tnef

1.4.9 (TW, official repo)
1.4.12 (42.{1,2}, official repo)

On Leap 42.2:
====================================================
k_mikhail@linux-mk500:~> tnef -f poc_CVE-2017-8911
Ошибка сегментирования (core dumped)

(gdb) bt
#0  mapi_attr_read (len=<optimized out>, buf=0x2125290 "8") at mapi_attr.c:308
#1  0x0000000000404635 in parse_file (input_file=input_file@entry=0x2125030, directory=directory@entry=0x0, body_filename=body_filename@entry=0x0, body_pref=body_pref@entry=0x2125010 "rht", flags=flags@entry=0) at tnef.c:301
#2  0x0000000000401648 in main (argc=3, argv=<optimized out>) at main.c:380
(gdb)
====================================================

--
You are receiving this mail because:
You are on the CC list for the bug.