Mailinglist Archive: opensuse-bugs (4295 mails)

[Bug 1038837] New: VUL-0: CVE-2017-8911: tnef: integer underflow has been identified in the unicode_to_utf8() function
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Fri, 12 May 2017 10:56:02 +0000
  • Message-id: <bug-1038837-21960@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1038837


Bug ID: 1038837
Summary: VUL-0: CVE-2017-8911: tnef: integer underflow has been
identified in the unicode_to_utf8() function
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@xxxxxxx
Reporter: mikhail.kasimov@xxxxxxxxx
QA Contact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---

Created attachment 724861
--> http://bugzilla.opensuse.org/attachment.cgi?id=724861&action=edit
poc_CVE-2017-8911

Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-8911
====================================================
Description

An integer underflow has been identified in the unicode_to_utf8() function in
tnef 1.4.14. This might lead to invalid write operations, controlled by an
attacker.
====================================================

Hyperlink

[1] https://github.com/verdammelt/tnef/issues/23

[2] https://security-tracker.debian.org/tracker/CVE-2017-8911

(open-)SUSE: https://software.opensuse.org/package/tnef

1.4.9 (TW, official repo)
1.4.12 (42.{1,2}, official repo)


On Leap 42.2:
====================================================
k_mikhail@linux-mk500:~> tnef -f poc_CVE-2017-8911
Ошибка сегментирования (core dumped)

(gdb) bt
#0 mapi_attr_read (len=<optimized out>, buf=0x2125290 "8") at mapi_attr.c:308
#1 0x0000000000404635 in parse_file (input_file=input_file@entry=0x2125030,
directory=directory@entry=0x0, body_filename=body_filename@entry=0x0,
body_pref=body_pref@entry=0x2125010 "rht", flags=flags@entry=0)
at tnef.c:301
#2 0x0000000000401648 in main (argc=3, argv=<optimized out>) at main.c:380
(gdb)
====================================================
