Bug 1194245 - (CVE-2021-45926) VUL-1: CVE-2021-45926: mdbtools: stack-based buffer overflow in mdb_numeric_to_string
Status: NEW
Classification: openSUSE
Product: openSUSE Distribution
Component: Basesystem
Version: Leap 15.3
Hardware: Other Other
Priority: P4 - Low
Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/319379/
CVSSv3.1:SUSE:CVE-2021-45926:4.4:(AV:...
Reported: 2022-01-03 15:14 UTC by Alexander Bergmann
Modified: 2022-02-09 16:50 UTC
Found By: Security Response Team
pgajdos: needinfo? (abergmann)
Comment 1 Petr Gajdos 2022-01-10 10:44:13 UTC
I will probably need your assistance to understand this CVE assignment.

 (In reply to Alexander Bergmann from comment #0)
> CVE-2021-45926
> 
> MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at
> 0x7ffd0c689be0) in mdb_numeric_to_string (called from mdb_xfer_bound_data and
> _mdb_attempt_bind).

So this is supposed to be fixed in 0.9.3?
https://github.com/mdbtools/mdbtools/releases/tag/v0.9.3
It was released on May 01, 2021, however

> https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35972

this bug was created on Jul 9, 2021 and immediately reported as fixed the next day. I cannot find any commit that would fit these two days and

> https://github.com/mdbtools/mdbtools/commit/373b7ff4c4daf887269c078407cb1338942c4ea6

is certainly not fixing anything.
Comment 2 Petr Gajdos 2022-01-10 10:45:31 UTC
Assigning to the maintainer, it is in 12, 15:Backports and Factory.
Comment 3 Petr Gajdos 2022-02-09 15:50:32 UTC
https://github.com/mdbtools/mdbtools/issues/375
Comment 4 Petr Gajdos 2022-02-09 16:50:49 UTC
Hi security team,

could you please consider helping us find any info which would lead to identifying the issue this CVE describes? There is no obvious related commit and reproduction has been unsuccessful so far. See also 1194246.