Bug 1182731 (CVE-2021-3410) - VUL-0: CVE-2021-3410: libcaca: illegal WRITE memory access at libcaca/caca/canvas.c:475 (function:caca_resize)
Summary: VUL-0: CVE-2021-3410: libcaca: illegal WRITE memory access at libcaca/caca/ca...
Status: RESOLVED FIXED
Alias: CVE-2021-3410
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium    Severity: Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/278489/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-3410:5.5:(AV:L...
Keywords:
Depends on:
Blocks:
 
Reported: 2021-02-25 09:03 UTC by Alexander Bergmann
Modified: 2023-09-13 08:20 UTC
CC: 3 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Alexander Bergmann 2021-02-25 09:03:38 UTC
rh#1928437

Created attachment 1756895
The report contains verification steps and POC

Description of problem:

Using a specific string to call caca_import_canvas_from_memory(), the program will crash.

Version-Release number of selected component (if applicable):
libcaca - v0.99.beta19

How reproducible:


Steps to Reproduce:
1. Get the source code of libcaca:

2. Compile the libcaca.so library:

$ cd libcaca
$ apt-get install automake libtool pkg-config -y
$ ./bootstrap
$ ./configure
$ make
3. Copy POC.c & POC_build.sh into the /example folder

4. Run POC_build.sh to compile POC.c

5. Run POC

Actual results:
=================================================================
==20599==ERROR: AddressSanitizer: SEGV on unknown address 0x601f1009f400 (pc 0x7fd5a381ff76 bp 0x7ffdb2f550d0 sp 0x7ffdb2f54e40 T0)
==20599==The signal is caused by a WRITE memory access.
#0 0x7fd5a381ff75 in caca_resize /work/libcaca/caca/canvas.c:475:47
#1 0x7fd5a384fdc3 in _import_ansi /work/libcaca/caca/codec/text.c:451:17
#2 0x4f921c in main /work/libcaca/examples/POC.c:43:6
#3 0x7fd5a34840b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
#4 0x41e34d in _start (/work/libcaca/examples/POC+0x41e34d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /work/2_libfuzzer_Assignment/question3/libcaca/caca/canvas.c:475:47 in caca_resize
==20599==ABORTING


Expected results:


Additional info:

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1928437
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3410
https://github.com/cacalabs/libcaca/issues/52
Comment 2 Josef Möllers 2021-02-26 16:07:43 UTC
devel repo - https://build.opensuse.org/request/show/875423
SUSE_SLE-15_Update - https://build.suse.de/request/show/236858
Comment 4 Swamp Workflow Management 2022-03-08 17:23:26 UTC
SUSE-SU-2022:0754-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1182731,1184751,1184752
CVE References: CVE-2021-30498,CVE-2021-30499,CVE-2021-3410
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    libcaca-0.99.beta19.git20171003-3.8.1
SUSE Linux Enterprise Server for SAP 15 (src):    libcaca-0.99.beta19.git20171003-3.8.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    libcaca-0.99.beta19.git20171003-3.8.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    libcaca-0.99.beta19.git20171003-3.8.1
SUSE Linux Enterprise Server 15-LTSS (src):    libcaca-0.99.beta19.git20171003-3.8.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    libcaca-0.99.beta19.git20171003-3.8.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    libcaca-0.99.beta19.git20171003-3.8.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    libcaca-0.99.beta19.git20171003-3.8.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    libcaca-0.99.beta19.git20171003-3.8.1
SUSE Enterprise Storage 6 (src):    libcaca-0.99.beta19.git20171003-3.8.1
SUSE CaaS Platform 4.0 (src):    libcaca-0.99.beta19.git20171003-3.8.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2022-09-26 19:28:14 UTC
SUSE-SU-2022:3400-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1182731
CVE References: CVE-2021-3410
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    libcaca-0.99.beta19.git20171003-150200.11.9.1
openSUSE Leap 15.3 (src):    libcaca-0.99.beta19.git20171003-150200.11.9.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    libcaca-0.99.beta19.git20171003-150200.11.9.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    libcaca-0.99.beta19.git20171003-150200.11.9.1

Comment 12 Swamp Workflow Management 2022-09-27 13:23:17 UTC
SUSE-SU-2022:3428-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1182731
CVE References: CVE-2021-3410
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    libcaca-0.99.beta18-14.12.1
SUSE Linux Enterprise Server 12-SP5 (src):    libcaca-0.99.beta18-14.12.1

Comment 13 Carlos López 2023-05-02 07:51:37 UTC
Done, closing.