1212340 – (CVE-2022-28550) VUL-0: CVE-2022-28550: jhead: buffer overflow via shellescape()

Bug 1212340 (CVE-2022-28550) - VUL-0: CVE-2022-28550: jhead: buffer overflow via shellescape()

Summary: VUL-0: CVE-2022-28550: jhead: buffer overflow via shellescape()

Status:	NEW

Alias:	CVE-2022-28550

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Togan Muftuoglu
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/369372/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2023-06-14 07:05 UTC by Thomas Leroy
Modified:	2023-06-14 07:15 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Leroy 2023-06-14 07:05:00 UTC

CVE-2022-28550

Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via
shellescape(), jhead.c, jhead. jhead copies strings to a stack buffer when it
detects a &i or &o. However, jhead does not check the boundary of the stack
buffer. As a result, there will be a stack buffer overflow problem when multiple
`&i` or `&o` are given.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28550
https://www.cve.org/CVERecord?id=CVE-2022-28550
https://github.com/Matthias-Wandel/jhead/commit/64894dbc7d8e1e232e85f1cab25c64290b2fc167
https://github.com/Matthias-Wandel/jhead/issues/51

Comment 1 Thomas Leroy 2023-06-14 07:14:01 UTC

Affected:
- openSUSE:Factory
- openSUSE:Backports:SLE-15-SP4:Update
- openSUSE:Backports:SLE-15-SP5