oss-sec mailing list archives
less invalid memory access fixed (CVE-2014-9488)
From: Hanno Böck <hanno () hboeck de>
Date: Tue, 10 Mar 2015 20:12:36 +0100
I stumbled over an invalid memory access in less a while ago:
https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html

While I never got a reply from the less developers, it seems with version 475 they finally fixed it. They don't have any release announcements or public repositories, but there is a mention in the file version.c, probably related:

+v475 3/2/15 Fix possible buffer overrun with invalid UTF-8; + fix bug when compiled with no regex; fix non-match search.

This is likely the change that fixes this bug (but I haven't verified that, there are multiple things changed between 474 and 475):

--- less-474/line.c 2015-01-31 00:20:29.000000000 +0100 +++ less-475/line.c 2015-03-05 20:07:08.000000000 +0100 @@ -807,7 +807,7 @@ mbc_buf[mbc_buf_index++] = c; if (mbc_buf_index < mbc_buf_len) return (0); - if (is_utf8_well_formed(mbc_buf)) + if (is_utf8_well_formed(mbc_buf, mbc_buf_index)) r = do_append(get_wchar(mbc_buf), mbc_buf, mbc_pos); else /* Complete, but not shortest form, sequence. */

If mitre and osvdb maintainers read this: please update the entries in your databases accordingly. I'll also update the blog post / advisory.

--
Hanno Böck
http://hboeck.de/
mail/jabber: hanno () hboeck de
GPG: BBB51E42
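Review bot: In the line.c hunk at -807, the new length argument goes only to is_utf8_well_formed(mbc_buf, mbc_buf_index); get_wchar(mbc_buf) on the following line still receives the buffer alone, so it relies entirely on the validator having bounded every byte it reads by mbc_buf_index. The definition of is_utf8_well_formed is not part of this hunk, so that cannot be confirmed from the lines shown; quoting the hunk that changes that function would make the fix reviewable. The else-branch comment "Complete, but not shortest form, sequence." should also be revisited if the check can now fail because of the length rather than the encoding form.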