Bugzilla – Bug 1182731
VUL-0: CVE-2021-3410: libcaca: illegal WRITE memory access at libcaca/caca/canvas.c:475 (function:caca_resize)
Last modified: 2023-09-13 08:20:17 UTC
rh#1928437

Created attachment 1756895
The report contains verification steps and POC

Description of problem:
Use a specific string to call caca_import_canvas_from_memory() and the program will crash.

Version-Release number of selected component (if applicable):
libcaca - v0.99.beta19

How reproducible:

Steps to Reproduce:
1. Get the source code of libcaca:
2. Compile the libcaca.so library:
   $ cd libcaca
   $ apt-get install automake libtool pkg-config -y
   $ ./bootstrap
   $ ./configure
   $ make
3. Copy the POC.c & POC_build.sh in /example folder
4. Run POC_build.sh to compile POC.c
5. Run POC

Actual results:
=================================================================
==20599==ERROR: AddressSanitizer: SEGV on unknown address 0x601f1009f400 (pc 0x7fd5a381ff76 bp 0x7ffdb2f550d0 sp 0x7ffdb2f54e40 T0)
==20599==The signal is caused by a WRITE memory access.
    #0 0x7fd5a381ff75 in caca_resize /work/libcaca/caca/canvas.c:475:47
    #1 0x7fd5a384fdc3 in _import_ansi /work/libcaca/caca/codec/text.c:451:17
    #2 0x4f921c in main /work/libcaca/examples/POC.c:43:6
    #3 0x7fd5a34840b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #4 0x41e34d in _start (/work/libcaca/examples/POC+0x41e34d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /work/2_libfuzzer_Assignment/question3/libcaca/caca/canvas.c:475:47 in caca_resize
==20599==ABORTING

Expected results:

Additional info:

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1928437
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3410
https://github.com/cacalabs/libcaca/issues/52
devel repo - https://build.opensuse.org/request/show/875423
SUSE_SLE-15_Update - https://build.suse.de/request/show/236858
SUSE-SU-2022:0754-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1182731,1184751,1184752
CVE References: CVE-2021-30498,CVE-2021-30499,CVE-2021-3410
JIRA References:
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src): libcaca-0.99.beta19.git20171003-3.8.1
SUSE Linux Enterprise Server for SAP 15 (src): libcaca-0.99.beta19.git20171003-3.8.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src): libcaca-0.99.beta19.git20171003-3.8.1
SUSE Linux Enterprise Server 15-SP1-BCL (src): libcaca-0.99.beta19.git20171003-3.8.1
SUSE Linux Enterprise Server 15-LTSS (src): libcaca-0.99.beta19.git20171003-3.8.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): libcaca-0.99.beta19.git20171003-3.8.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): libcaca-0.99.beta19.git20171003-3.8.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src): libcaca-0.99.beta19.git20171003-3.8.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): libcaca-0.99.beta19.git20171003-3.8.1
SUSE Enterprise Storage 6 (src): libcaca-0.99.beta19.git20171003-3.8.1
SUSE CaaS Platform 4.0 (src): libcaca-0.99.beta19.git20171003-3.8.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:3400-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1182731
CVE References: CVE-2021-3410
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): libcaca-0.99.beta19.git20171003-150200.11.9.1
openSUSE Leap 15.3 (src): libcaca-0.99.beta19.git20171003-150200.11.9.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): libcaca-0.99.beta19.git20171003-150200.11.9.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): libcaca-0.99.beta19.git20171003-150200.11.9.1
SUSE-SU-2022:3428-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1182731
CVE References: CVE-2021-3410
JIRA References:
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): libcaca-0.99.beta18-14.12.1
SUSE Linux Enterprise Server 12-SP5 (src): libcaca-0.99.beta18-14.12.1
Done, closing.