oss-sec mailing list archives
Heap overflow and endless loop in exfatfsck / exfat-utils
From: Hanno Böck <hanno () hboeck de>
Date: Sat, 24 Oct 2015 10:31:16 +0200
https://blog.fuzzing-project.org/25-Heap-overflow-and-endless-loop-in-exfatfsck-exfat-utils.html

exfat-utils is a collection of tools to work with the exFAT filesystem. Fuzzing the exfatfsck with american fuzzy lop led to the discovery of a write heap overflow and an endless loop. Especially at risk are systems that are configured to run filesystem checks automatically on external devices like USB flash drives.

A malformed input can cause a write heap overflow in the function verify_vbr_checksum. It might be possible to use this for code execution.

Upstream bug report
https://github.com/relan/exfat/issues/5

Sample file triggering the bug
https://crashes.fuzzing-project.org/exfatfsck-heap-overflow-write-verify_vbr_checksum

Git commit for fix
https://github.com/relan/exfat/commit/2e86ae5f81da11f11673d0546efb525af02b7786

Another malformed input can cause an endless loop, leading to a possible denial of service.

Upstream bug report
https://github.com/relan/exfat/issues/6

Sample file triggering the bug
https://crashes.fuzzing-project.org/exfatfsck-endless-loop

Git commit of fix
https://github.com/relan/exfat/commit/35a1f77f9be2d8b21731f758baba4334935bf18b

Both issues have been fixed in the latest release 1.2.1 of exfat-utils.
https://github.com/relan/exfat/releases/tag/v1.2.1

--
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42