Bug 1071777 - (CVE-2017-17456) VUL-1: CVE-2017-17456: libsndfile: d2alaw_array() in alaw.c may lead to a remote DoS attack
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
CVSSv3:SUSE:CVE-2017-17456:3.3:(AV:L...
Reported: 2017-12-07 14:00 UTC by Alexander Bergmann
Modified: 2020-06-08 15:09 UTC (History)

Attachments
Fix patch (1.61 KB, patch)
2018-06-08 12:43 UTC, Takashi Iwai

Description Alexander Bergmann 2017-12-07 14:00:32 UTC
CVE-2017-17456:

The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14245. 

This bug is related to bsc#1071767 that comes with a reproducer.

Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17456
https://github.com/erikd/libsndfile/issues/344
Comment 1 Alexander Bergmann 2018-04-18 09:27:54 UTC
Still no upstream fix available.
Comment 2 Alexander Bergmann 2018-05-08 08:40:47 UTC
Moving to VUL-1 as this is a minor issue.
Comment 3 Takashi Iwai 2018-06-08 12:43:16 UTC
Now I took a deeper look.  Actually it's because of the handling of double or float NaN.  But there are other potential issues that may lead to the array overflow, so it needs a range check anyway, in addition to the NaN check.
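
The kind of check Comment 3 describes, as an added example that is not part of this bug report or of the attached patch: a sample is scaled and used as a lookup-table index, with NaN rejected and the range checked before the cast. The table, its size `TABLE_MAX`, and the names `safe_index` and `encode_array` are assumptions made for illustration, not libsndfile's code.

```c
#include <math.h>
#include <stdio.h>

#define TABLE_MAX 2048 /* assumed: highest valid index of the table */

/* Hypothetical encode table; its contents do not matter for the check. */
static unsigned char encode_table[TABLE_MAX + 1];

/* Map one scaled sample to a table index in [0, TABLE_MAX].
 * NaN yields index 0, anything too large is clamped; both set *bad.
 * The tests run on the double BEFORE the cast, because converting a NaN
 * or out-of-range double to an integer type is undefined behaviour in C. */
static long safe_index(double sample, double normfact, int *bad)
{
    double scaled = normfact * sample;
    *bad = 0;
    if (isnan(scaled)) {
        *bad = 1;
        return 0;
    }
    if (scaled < 0.0)
        scaled = -scaled;             /* index by magnitude */
    if (scaled > (double)TABLE_MAX) { /* also catches +/- infinity */
        *bad = 1;
        return TABLE_MAX;
    }
    return (long)(scaled + 0.5);      /* round to nearest, never > TABLE_MAX */
}

/* Encode count samples; returns how many were NaN or out of range. */
static int encode_array(const double *in, int count, unsigned char *out,
                        double normfact)
{
    int rejected = 0, bad;
    for (int k = 0; k < count; k++) {
        out[k] = encode_table[safe_index(in[k], normfact, &bad)];
        rejected += bad;
    }
    return rejected;
}

int main(void)
{
    /* Constructed input: normal, NaN, infinity, far out of range. */
    const double in[] = { 0.25, NAN, INFINITY, -1e300 };
    unsigned char out[4];
    printf("rejected %d of 4 samples\n", encode_array(in, 4, out, 2048.0));
    return 0;
}
```

A non-zero return from `encode_array` is a cheap signal that the input carried NaN or out-of-range samples and is worth logging.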
Comment 4 Takashi Iwai 2018-06-08 12:43:51 UTC
Created attachment 773214 [details]
Fix patch
Comment 5 Takashi Iwai 2018-06-08 13:04:38 UTC
Submitted the fix for TW, SLE15, SLE12, SLE11.

Back to security team.
Comment 8 Swamp Workflow Management 2018-07-26 19:08:52 UTC
SUSE-SU-2018:2065-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1071767,1071777,1100167
CVE References: CVE-2017-17456,CVE-2017-17457,CVE-2018-13139
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    libsndfile-1.0.25-36.13.1
SUSE Linux Enterprise Server 12-SP3 (src):    libsndfile-1.0.25-36.13.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    libsndfile-1.0.25-36.13.1
Comment 9 Swamp Workflow Management 2018-07-26 19:16:05 UTC
SUSE-SU-2018:2074-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1071767,1071777,1100167
CVE References: CVE-2017-17456,CVE-2017-17457,CVE-2018-13139
Sources used:
SUSE Linux Enterprise Module for Basesystem 15 (src):    libsndfile-1.0.28-5.5.1
Comment 10 Swamp Workflow Management 2018-08-06 13:11:49 UTC
openSUSE-SU-2018:2209-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1071767,1071777,1100167
CVE References: CVE-2017-17456,CVE-2017-17457,CVE-2018-13139
Sources used:
openSUSE Leap 15.0 (src):    libsndfile-1.0.28-lp150.3.3.1, libsndfile-progs-1.0.28-lp150.3.3.1
Comment 11 Swamp Workflow Management 2018-08-06 13:16:55 UTC
openSUSE-SU-2018:2214-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1071767,1071777,1100167
CVE References: CVE-2017-17456,CVE-2017-17457,CVE-2018-13139
Sources used:
openSUSE Leap 42.3 (src):    libsndfile-1.0.25-34.1, libsndfile-progs-1.0.25-34.1
Comment 12 Marcus Meissner 2018-08-06 14:19:36 UTC
released
Comment 14 Swamp Workflow Management 2018-11-23 14:30:31 UTC
This is an autogenerated message for OBS integration:
This bug (1071777) was mentioned in
https://build.opensuse.org/request/show/651387 Factory / libsndfile
Comment 16 Swamp Workflow Management 2019-04-02 16:30:18 UTC
SUSE-SU-2019:14008-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1071767,1071777,1117954
CVE References: CVE-2017-17456,CVE-2017-17457,CVE-2018-19758
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    libsndfile-1.0.20-2.19.12.1
SUSE Linux Enterprise Server 11-SP4 (src):    libsndfile-1.0.20-2.19.12.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libsndfile-1.0.20-2.19.12.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.