Bug 1122841 - (CVE-2019-3817) VUL-0: CVE-2019-3817: libcomps: use after free when merging two objmrtrees
(CVE-2019-3817)
VUL-0: CVE-2019-3817: libcomps: use after free when merging two objmrtrees
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Leap 15.0
Other Other
: P3 - Medium : Normal (vote)
: ---
Assigned To: Neal Gompa
Security Team bot
https://smash.suse.de/issue/223533/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-01-23 07:39 UTC by Karol Babioch
Modified: 2019-04-07 19:37 UTC (History)
0 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Karol Babioch 2019-01-23 07:39:31 UTC
There is a use-after-free in libcomps library in comps_objmradix.c:comps_objmrtree_unite() function. When two ObjMRTrees are merged, pair variable may be freed and accessed again at the next iteration. An attacker who is able to craft a malicious comps XML file may use this flaw to crash the application or potentially execute code.

Upstream issue:
https://github.com/rpm-software-management/libcomps/issues/41

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1668005
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3817
Comment 1 Swamp Workflow Management 2019-02-07 13:30:06 UTC
This is an autogenerated message for OBS integration:
This bug (1122841) was mentioned in
https://build.opensuse.org/request/show/672448 Factory / libcomps
Comment 2 Swamp Workflow Management 2019-02-07 14:30:06 UTC
This is an autogenerated message for OBS integration:
This bug (1122841) was mentioned in
https://build.opensuse.org/request/show/672481 15.1 / libcomps
Comment 3 Swamp Workflow Management 2019-03-03 19:30:06 UTC
This is an autogenerated message for OBS integration:
This bug (1122841) was mentioned in
https://build.opensuse.org/request/show/681119 15.0 / libcomps
Comment 4 Swamp Workflow Management 2019-03-11 17:11:37 UTC
openSUSE-SU-2019:0323-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1122841
CVE References: CVE-2019-3817
Sources used:
openSUSE Leap 15.0 (src):    libcomps-0.1.8-lp150.2.3.1
Comment 5 Swamp Workflow Management 2019-03-15 11:09:11 UTC
openSUSE-SU-2019:0328-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1122841
CVE References: CVE-2019-3817
Sources used:
openSUSE Backports SLE-15 (src):    libcomps-0.1.8-bp150.3.3.1
Comment 6 Neal Gompa 2019-04-07 19:37:10 UTC
This is fixed in all openSUSE distribution releases now.