Bug 1056090 - (CVE-2017-13743) VUL-0: CVE-2017-13743: liblouis: buffer overflow triggered in function _lou_showString() in utils.c
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/191131/
CVSSv2:SUSE:CVE-2014-8184:7.2:(AV:L/A...
Reported: 2017-08-29 10:07 UTC by Alexander Bergmann
Modified: 2020-06-17 18:24 UTC
Found By: Security Response Team

Attachments
Reproducer (2.42 KB, application/x-rar)
2017-08-29 10:11 UTC, Alexander Bergmann

Description Alexander Bergmann 2017-08-29 10:07:35 UTC
CVE-2017-13743

There is a buffer overflow in Liblouis 3.2.0, triggered in the function
_lou_showString() in utils.c, that will lead to a remote denial of
service attack.


References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13743
Comment 1 Alexander Bergmann 2017-08-29 10:11:40 UTC
Created attachment 738592
Reproducer

The liblouis tools are not part of the official package and have to be compiled from scratch.

#> valgrind --leak-check=full  ./lou_checktable POC6
...
==9630== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 0 from 0)

Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=1484335
Comment 2 Michael Gorse 2017-08-31 19:23:28 UTC
https://github.com/liblouis/liblouis/commit/d8cfdf1ab64a4c9c6685efe45bc735f68dac618c

I can't reproduce this one on 2.6.4, which is what we currently have in factory. I do get a crash on 3.2.0, and applying this patch fixes it there, along with fixing some other CVEs.
Comment 6 Swamp Workflow Management 2017-09-26 16:12:26 UTC
SUSE-SU-2017:2570-1: An update that solves 6 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1056088,1056090,1056093,1056095,1056097,1056101,1056105
CVE References: CVE-2017-13738,CVE-2017-13739,CVE-2017-13740,CVE-2017-13741,CVE-2017-13743,CVE-2017-13744
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    liblouis-2.6.4-6.3.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    liblouis-2.6.4-6.3.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    liblouis-2.6.4-6.3.1, python-louis-2.6.4-6.3.1, python3-louis-2.6.4-6.3.1
SUSE Linux Enterprise Server 12-SP3 (src):    liblouis-2.6.4-6.3.1, python-louis-2.6.4-6.3.1, python3-louis-2.6.4-6.3.1
SUSE Linux Enterprise Server 12-SP2 (src):    liblouis-2.6.4-6.3.1, python-louis-2.6.4-6.3.1, python3-louis-2.6.4-6.3.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    liblouis-2.6.4-6.3.1, python3-louis-2.6.4-6.3.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    liblouis-2.6.4-6.3.1, python3-louis-2.6.4-6.3.1
Comment 7 Marcus Meissner 2017-09-27 12:46:04 UTC
the code is just not in the sle11 variant, even though the commit and the error description do not really match.  untagging and closing.
Comment 8 Marcus Meissner 2017-09-27 12:49:45 UTC
but i see you added another patch. still not yet released. reopen for a bit.
Comment 9 Swamp Workflow Management 2017-09-28 16:10:12 UTC
SUSE-SU-2017:2590-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1056090,1056093,1056095,1056097,1056101
CVE References: CVE-2017-13739,CVE-2017-13740,CVE-2017-13741,CVE-2017-13743
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    liblouis-1.7.0-1.3.3.1, python-louis-1.7.0-1.3.3.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    liblouis-1.7.0-1.3.3.1
Comment 10 Swamp Workflow Management 2017-10-03 22:12:02 UTC
openSUSE-SU-2017:2639-1: An update that solves 6 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1056088,1056090,1056093,1056095,1056097,1056101,1056105
CVE References: CVE-2017-13738,CVE-2017-13739,CVE-2017-13740,CVE-2017-13741,CVE-2017-13743,CVE-2017-13744
Sources used:
openSUSE Leap 42.3 (src):    liblouis-2.6.4-6.1, python-louis-2.6.4-6.1
openSUSE Leap 42.2 (src):    liblouis-2.6.4-3.3.1, python-louis-2.6.4-3.3.1
Comment 11 Marcus Meissner 2017-10-26 06:01:03 UTC
released